Lucene search
AnonymousZDI-10-274HistoryDec 10, 2010 - 12:00 a.m.
RealNetworks Realplayer RV20 Stream Parsing Remote Code Execution Vulnerability
2010-12-1000:00:00
Anonymous
www.zerodayinitiative.com
11
0.153 Low
EPSS
Percentile
95.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the module responsible for decompressing RV20 video streams. The drv2.dll trusts a value from the file as a length and uses it within a copy loop that writes to heap memory. By specifying large enough values, heap memory can be corrupted which can lead to arbitrary code execution under the context of the user accessing the media file.
Related
prion
prion
Memory corruption
2010-12-14 16:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:52:02
cve
cve
CVE-2010-4378
2010-12-14 16:00:04
cvelist
cvelist
CVE-2010-4378
2010-12-14 15:00:00
nvd
nvd
CVE-2010-4378
2010-12-14 16:00:04
oraclelinux
oraclelinux
HelixPlayer removal
2010-12-14 00:00:00
redhat
redhat
(RHSA-2010:0981) Critical: HelixPlayer removal
2010-12-14 00:00:00
openvas
openvas
CentOS Update for HelixPlayer-uninstall CESA-2010:0981 centos4 i386
2011-08-09 00:00:00
CentOS Update for HelixPlayer-uninstall CESA-2010:0981 centos4 x86_64
2012-07-30 00:00:00
CentOS Update for HelixPlayer-uninstall CESA-2010:0981 centos4 i386
2011-08-09 00:00:00
nessus
nessus
CentOS 4 : HelixPlayer removal (CESA-2010:0981)
2011-01-28 00:00:00
Oracle Linux 4 : HelixPlayer removal (ELSA-2010-0981)
2013-07-12 00:00:00
Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64
2012-08-01 00:00:00
centos
centos
HelixPlayer security update
2011-01-27 09:15:23