1. CVE-Search
  2. CVE-2010-2579
ID CVE-2010-2579
Summary The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory access" via unknown vectors. Per: http://cwe.mitre.org/data/definitions/665.html 'CWE-665: Improper Initialization'
References
Vulnerable Configurations
  • cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-01-2011 - 06:59)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
confirm http://service.real.com/realplayer/security/12102010_player/en/
sectrack 1024861
Last major update 19-01-2011 - 06:59
Published 14-12-2010 - 16:00
Last modified 19-01-2011 - 06:59
Back to Top