Lucene search

Veracode Vulnerability DatabaseVERACODE:24302

HistoryApr 10, 2020 - 12:52 a.m.

Arbitrary Code Execution

2020-04-1000:52:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

helixplayer is vulnerable to arbitrary code execution. Multiple security flaws were discovered in RealPlayer. Helix Player and RealPlayer share a common source code base; therefore, some of the flaws discovered in RealPlayer may also affect Helix Player. Some of these flaws could, when opening, viewing, or playing a malicious media file or stream, lead to arbitrary code execution with the privileges of the user running Helix Player.

CPENameOperatorVersion
helixplayereq1.0.6__1.el4_8.1
helixplayereq1.0.6__1.el4_8.1

CPE	Name	Operator	Version
	helixplayer	eq	1.0.6__1.el4_8.1
	helixplayer	eq	1.0.6__1.el4_8.1

References

service.real.com/realplayer/security/12102010_player/en/

www.redhat.com/support/errata/RHSA-2010-0981.html

www.securitytracker.com/id?1024861

access.redhat.com/errata/RHSA-2010:0981

access.redhat.com/security/updates/classification/#critical

player.helixcommunity.org/

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Related for VERACODE:24302