Lucene search
Damian PutZDI-11-335HistoryNov 28, 2011 - 12:00 a.m.
RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability
2011-11-2800:00:00
Damian Put
www.zerodayinitiative.com
15
0.001 Low
EPSS
Percentile
51.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application attempts to parse a height out of the RV10 codec object. The application will incorrectly treat the value as a signed integer and will its value as the count within a loop that populates rows of sample data within a buffer. This can allow for memory corruption which can lead to code execution under the context of the application.
Related
cve
cve
CVE-2011-4252
2022-10-03 16:15:13
nvd
nvd
CVE-2011-4252
2011-11-24 11:55:07
prion
prion
Design/Logic Flaw
2011-11-24 11:55:00
securityvulns
securityvulns
cvelist
cvelist
CVE-2011-4252
2022-10-03 16:15:13
openvas
openvas
RealNetworks RealPlayer Multiple Vulnerabilities Nov - 11 (Mac OS X)
2011-11-29 00:00:00
RealNetworks RealPlayer Multiple Vulnerabilities (Nov 2011) - Mac OS X
2011-11-29 00:00:00
RealNetworks RealPlayer Multiple Vulnerabilities Nov - 11 (Windows)
2011-11-29 00:00:00
nessus
nessus
RealPlayer for Windows < 15.0.0 Multiple Vulnerabilities
2011-12-06 00:00:00