cvelistv5 - CVE-2009-4244

CVE-2009-4244 (GCVE-0-2009-4244)

Vulnerability from cvelistv5

Published

2010-01-25 19:00

Modified

2024-08-07 06:54

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

CERTA-2010-AVI-023

Vulnerability from certfr_avis

Plusieurs vulnérabilités dans les produits RealNetworks permettent à un utilisateur distant malintentionné de provoquer un déni de service ou d'exécuter du code arbitraire.

Description

Onze vulnérabilités, de type débordement de mémoire, ont été découvertes dans les produits RealPlayer et Helix Player. Ces vulnérabilités peuvent être exploitées par une personne distante malveillante afin de provoquer un déni de service ou encore d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions suivantes pour Microsoft Windows sont affectées :

RealPlayer SP 1.0.0 et 1.0.1 ;
RealPlayer 11.x ;
RealPlayer 10.x ;
RealPlayer Enterprise.

Les versions suivantes pour Mac OS sont affectées :

Mac RealPlayer 11.x ;
Mac RealPlayer 10.x.

Les versions suivantes pour GNU/Linux sont affectées :

GNU/Linux RealPlayer 11.x ;
GNU/Linux RealPlayer 10.x ;
Helix RealPlayer 11.x ;
Helix RealPlayer 10.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

gsd-2009-4244

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-4244

Aliases

CVE-2009-4244

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-4244",
    "description": "Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.",
    "id": "GSD-2009-4244"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-4244"
      ],
      "details": "Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.",
      "id": "GSD-2009-4244",
      "modified": "2023-12-13T01:19:45.602725Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-4244",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2010-0178",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0178"
          },
          {
            "name": "1023489",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023489"
          },
          {
            "name": "http://service.real.com/realplayer/security/01192010_player/en/",
            "refsource": "CONFIRM",
            "url": "http://service.real.com/realplayer/security/01192010_player/en/"
          },
          {
            "name": "38218",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38218"
          },
          {
            "name": "37880",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/37880"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/"
          },
          {
            "name": "realplayer-sipr-bo(55797)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55797"
          },
          {
            "name": "20100121 ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/509098/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4244"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-0178",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0178"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/"
            },
            {
              "name": "38218",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38218"
            },
            {
              "name": "37880",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/37880"
            },
            {
              "name": "http://service.real.com/realplayer/security/01192010_player/en/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://service.real.com/realplayer/security/01192010_player/en/"
            },
            {
              "name": "1023489",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1023489"
            },
            {
              "name": "realplayer-sipr-bo(55797)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55797"
            },
            {
              "name": "20100121 ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/509098/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-10T19:48Z",
      "publishedDate": "2010-01-25T19:30Z"
    }
  }
}

var-201001-0741

Vulnerability from variot

Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation. This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site.The specific flaw exists during the parsing of SIPR codec fields. Specifying a small length value can trigger an undersized heap allocation. This buffer can then subsequently be overflowed. This vulnerability can result in arbitrary code execution under the context of the currently logged in user. RealPlayer SP, RealPlayer, and Helix Player are prone to multiple remote vulnerabilities, including heap- and stack-based buffer-overflow issues. A remote attacker could exploit these issues by crafting a file and enticing an unsuspecting user to open it using a vulnerable application. Failed exploit attempts will result in a denial-of-service condition. The following are vulnerable: RealPlayer SP 1.0.0 through 1.0.1 RealPlayer 11 11.0.0 through 11.0.5 RealPlayer 10.5 6.0.12.1040 through 6.0.12.163, 6.0.12.1675, 6.0.12.1698, and 6.0.12.1741 RealPlayer 10 and 10.1 Helix Player 11.0.0 through 11.0.2. A heap buffer overflow vulnerability exists in version x. ----------------------------------------------------------------------

Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/

TITLE: RealPlayer Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA38218

VERIFY ADVISORY: http://secunia.com/advisories/38218/

DESCRIPTION: Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a vulnerable system.

1) An unspecified error related to the RealPlayer ASM Rulebook can be exploited to cause a heap-based buffer overflow.

2) An unspecified error when processing GIF images can be exploited to cause a heap-based buffer overflow.

3) A vulnerability is caused due to an unspecified error related to HTTP chunk encoding.

4) An unspecified error within the RealPlayer SIPR codec can be exploited to cause a heap-based buffer overflow.

5) An unspecified error when processing compressed GIF images can be exploited to cause a heap-based buffer overflow.

6) An unspecified error within the RealPlayer SMIL parsing can be exploited to cause a heap-based buffer overflow.

7) An unspecified error within the RealPlayer skin parsing can be exploited to cause a stack-based buffer overflow.

8) An unspecified error related to the RealPlayer ASM RuleBook can be exploited to cause an "array overflow".

9) An unspecified boundary error related to RealPlayer RTSP "set_parameter" can be exploited to cause a buffer overflow.

10) Two vulnerabilities are caused due to errors within the processing of Internet Video Recording (IVR) files. Please see the vendor's advisory for details. http://service.real.com/realplayer/security/01192010_player/en/

PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Evgeny Legerov * anonymous persons working with iDEFENSE Labs * John Rambo and anonymous researchers working with TippingPoint's Zero Day Initiative

ORIGINAL ADVISORY: http://service.real.com/realplayer/security/01192010_player/en/

OTHER REFERENCES: SA33810: http://secunia.com/advisories/33810/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-008 January 21, 2010

-- CVE ID: CVE-2009-4244

-- Affected Vendors: RealNetworks

-- Affected Products: RealNetworks RealPlayer

-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6514.

-- Vendor Response: RealNetworks has issued an update to correct this vulnerability.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201001-0741",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "realnetworks",
        "version": "11.0.1"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "realnetworks",
        "version": "10.5"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "realnetworks",
        "version": "11.0.0"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "realnetworks",
        "version": "10.0"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "realnetworks",
        "version": "10.1"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "realnetworks",
        "version": "11.0"
      },
      {
        "model": "realplayer sp",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "realnetworks",
        "version": "1.0.1"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "realnetworks",
        "version": "11.0.5"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "realnetworks",
        "version": "11.0.4"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "realnetworks",
        "version": "11.0.3"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "realnetworks",
        "version": "11.0.2"
      },
      {
        "model": "realplayer sp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "realnetworks",
        "version": "1.0.0"
      },
      {
        "model": "helix player",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "realnetworks",
        "version": "11.0.0"
      },
      {
        "model": "helix player",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "realnetworks",
        "version": "10.0"
      },
      {
        "model": "realplayer enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "realnetworks",
        "version": "*"
      },
      {
        "model": "helix player",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "realnetworks",
        "version": "11.0.1"
      },
      {
        "model": "realplayer enterprise",
        "scope": null,
        "trust": 0.9,
        "vendor": "realnetworks",
        "version": null
      },
      {
        "model": "realnetworks realplayer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "real",
        "version": "(enterprise)"
      },
      {
        "model": "realnetworks realplayer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "real",
        "version": "10"
      },
      {
        "model": "realnetworks realplayer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "real",
        "version": "10.5"
      },
      {
        "model": "realnetworks realplayer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "real",
        "version": "11"
      },
      {
        "model": "realnetworks realplayer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "real",
        "version": "sp 1.0.0"
      },
      {
        "model": "realnetworks realplayer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "real",
        "version": "sp 1.0.1"
      },
      {
        "model": "realplayer",
        "scope": null,
        "trust": 0.7,
        "vendor": "realnetworks",
        "version": null
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux desktop version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "realplayer sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1.0"
      },
      {
        "model": "realplayer enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1.7"
      },
      {
        "model": "realplayer enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1.6"
      },
      {
        "model": "realplayer enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1.5"
      },
      {
        "model": "realplayer enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1.2"
      },
      {
        "model": "realplayer enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1.1"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.331"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.503"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.481"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.412"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.396"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.352"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.325"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.305"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.1.3114"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.9"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.8"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.7"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.6"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.5"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.4"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.3"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.2"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.1"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1741"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1698"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1675"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1663"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1483"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1348"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1235"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1069"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1059"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1056"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1053"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1040"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "11"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-008"
      },
      {
        "db": "BID",
        "id": "37880"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001049"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-244"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4244"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:realnetworks:realplayer",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001049"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Evgeny Legerov, anonymous researchers working with iDEFENSE Labs, John Rambo, Peter Vreugdenhil working with TippingPoint\u0027s Zero Day Initiative, and anonymous researchers working with TippingPoint\u0027s Zero Day Initiative",
    "sources": [
      {
        "db": "BID",
        "id": "37880"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-244"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2009-4244",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2009-4244",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2009-4244",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-41690",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-4244",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-4244",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2009-4244",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201001-244",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-41690",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-008"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41690"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001049"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-244"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4244"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation. This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site.The specific flaw exists during the parsing of SIPR codec fields. Specifying a small length value can trigger an undersized heap allocation. This buffer can then subsequently be overflowed. This vulnerability can result in arbitrary code execution under the context of the currently logged in user. RealPlayer SP, RealPlayer, and Helix Player are prone to multiple remote vulnerabilities, including heap- and stack-based buffer-overflow issues. \nA remote attacker could exploit these issues by crafting a file and enticing an unsuspecting user to open it using a vulnerable application. Failed exploit attempts will result in a denial-of-service condition. \nThe following are vulnerable:\nRealPlayer SP 1.0.0 through 1.0.1\nRealPlayer 11 11.0.0 through 11.0.5\nRealPlayer 10.5 6.0.12.1040 through 6.0.12.163, 6.0.12.1675, 6.0.12.1698, and 6.0.12.1741\nRealPlayer 10 and 10.1\nHelix Player 11.0.0 through 11.0.2. A heap buffer overflow vulnerability exists in version x. ----------------------------------------------------------------------\n\n\n\nSecunia integrated with Microsoft WSUS \nhttp://secunia.com/blog/71/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nRealPlayer Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA38218\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38218/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in RealPlayer, which can be\nexploited by malicious people to compromise a vulnerable system. \n\n1) An unspecified error related to the RealPlayer ASM Rulebook can be\nexploited to cause a heap-based buffer overflow. \n\n2) An unspecified error when processing GIF images can be exploited\nto cause a heap-based buffer overflow. \n\n3) A vulnerability is caused due to an unspecified error related to\nHTTP chunk encoding. \n\n4) An unspecified error within the RealPlayer SIPR codec can be\nexploited to cause a heap-based buffer overflow. \n\n5) An unspecified error when processing compressed GIF images can be\nexploited to cause a heap-based buffer overflow. \n\n6) An unspecified error within the RealPlayer SMIL parsing can be\nexploited to cause a heap-based buffer overflow. \n\n7) An unspecified error within the RealPlayer skin parsing can be\nexploited to cause a stack-based buffer overflow. \n\n8) An unspecified error related to the RealPlayer ASM RuleBook can be\nexploited to cause an \"array overflow\". \n\n9) An unspecified boundary error related to RealPlayer RTSP\n\"set_parameter\" can be exploited to cause a buffer overflow. \n\n10) Two vulnerabilities are caused due to errors within the\nprocessing of Internet Video Recording (IVR) files. Please see the vendor\u0027s advisory for\ndetails. \nhttp://service.real.com/realplayer/security/01192010_player/en/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n* Evgeny Legerov\n* anonymous persons working with iDEFENSE Labs\n* John Rambo and anonymous researchers working with TippingPoint\u0027s\nZero Day Initiative\n\nORIGINAL ADVISORY:\nhttp://service.real.com/realplayer/security/01192010_player/en/\n\nOTHER REFERENCES:\nSA33810:\nhttp://secunia.com/advisories/33810/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-008\nJanuary 21, 2010\n\n-- CVE ID:\nCVE-2009-4244\n\n-- Affected Vendors:\nRealNetworks\n\n-- Affected Products:\nRealNetworks RealPlayer\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 6514. \n\n-- Vendor Response:\nRealNetworks has issued an update to correct this vulnerability. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n    http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n    http://www.zerodayinitiative.com/advisories/disclosure_policy/",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-4244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001049"
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-008"
      },
      {
        "db": "BID",
        "id": "37880"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41690"
      },
      {
        "db": "PACKETSTORM",
        "id": "85439"
      },
      {
        "db": "PACKETSTORM",
        "id": "85508"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-41690",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41690"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-4244",
        "trust": 3.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-008",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "37880",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "38218",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1023489",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0178",
        "trust": 2.5
      },
      {
        "db": "XF",
        "id": "55797",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001049",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-317",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-244",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20100121 ZDI-10-008: REALNETWORKS REALPLAYER SIPR CODEC REMOTE CODE EXECUTION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-010",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-006",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-005",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-007",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "85508",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-41690",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "85439",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-008"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41690"
      },
      {
        "db": "BID",
        "id": "37880"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001049"
      },
      {
        "db": "PACKETSTORM",
        "id": "85439"
      },
      {
        "db": "PACKETSTORM",
        "id": "85508"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-244"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4244"
      }
    ]
  },
  "id": "VAR-201001-0741",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41690"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:47:35.729000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Releases Update to Address Security Vulnerabilities",
        "trust": 0.8,
        "url": "http://service.real.com/realplayer/security/01192010_player/en"
      },
      {
        "title": "\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\u306b\u5bfe\u5fdc\u3059\u308b\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u30ea\u30ea\u30fc\u30b9",
        "trust": 0.8,
        "url": "http://service.real.com/realplayer/security/01192010_player/ja/"
      },
      {
        "title": "RealNetworks has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "http://service.real.com/realplayer/security/01192010_player/en/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001049"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41690"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001049"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4244"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://service.real.com/realplayer/security/01192010_player/en/"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/37880"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1023489"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/38218"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2010/0178"
      },
      {
        "trust": 2.0,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-008/"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/55797"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/509098/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55797"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4244"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4244"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/509098/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sun.com/security/entry/cve_2009_4247_buffer_overflow"
      },
      {
        "trust": 0.3,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=839"
      },
      {
        "trust": 0.3,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=837"
      },
      {
        "trust": 0.3,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=838"
      },
      {
        "trust": 0.3,
        "url": "http://www.realnetworks.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-005/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-006/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-007/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-010/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509286"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509293"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509288"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509100"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509096"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509105"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509098"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509104"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/38218/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/blog/71/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/33810/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-008"
      },
      {
        "trust": 0.1,
        "url": "http://www.tippingpoint.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4244"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-008"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41690"
      },
      {
        "db": "BID",
        "id": "37880"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001049"
      },
      {
        "db": "PACKETSTORM",
        "id": "85439"
      },
      {
        "db": "PACKETSTORM",
        "id": "85508"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-244"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4244"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-10-008"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41690"
      },
      {
        "db": "BID",
        "id": "37880"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001049"
      },
      {
        "db": "PACKETSTORM",
        "id": "85439"
      },
      {
        "db": "PACKETSTORM",
        "id": "85508"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-244"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4244"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-01-21T00:00:00",
        "db": "ZDI",
        "id": "ZDI-10-008"
      },
      {
        "date": "2010-01-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-41690"
      },
      {
        "date": "2010-01-20T00:00:00",
        "db": "BID",
        "id": "37880"
      },
      {
        "date": "2010-02-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001049"
      },
      {
        "date": "2010-01-20T16:00:34",
        "db": "PACKETSTORM",
        "id": "85439"
      },
      {
        "date": "2010-01-22T07:39:24",
        "db": "PACKETSTORM",
        "id": "85508"
      },
      {
        "date": "2010-01-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201001-244"
      },
      {
        "date": "2010-01-25T19:30:01.400000",
        "db": "NVD",
        "id": "CVE-2009-4244"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-01-21T00:00:00",
        "db": "ZDI",
        "id": "ZDI-10-008"
      },
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-41690"
      },
      {
        "date": "2010-07-13T20:27:00",
        "db": "BID",
        "id": "37880"
      },
      {
        "date": "2010-02-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001049"
      },
      {
        "date": "2010-01-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201001-244"
      },
      {
        "date": "2024-11-21T01:09:14.213000",
        "db": "NVD",
        "id": "CVE-2009-4244"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "85508"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-244"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Realnetworks RealPlayer Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001049"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-244"
      }
    ],
    "trust": 0.6
  }
}

ghsa-4qm6-973j-4qvf

Vulnerability from github

Published

2022-05-02 03:53

Modified

2025-04-11 03:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-4244"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-01-25T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.",
  "id": "GHSA-4qm6-973j-4qvf",
  "modified": "2025-04-11T03:31:03Z",
  "published": "2022-05-02T03:53:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4244"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55797"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38218"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023489"
    },
    {
      "type": "WEB",
      "url": "http://service.real.com/realplayer/security/01192010_player/en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/509098/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37880"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0178"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-008"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2009-4244

Vulnerability from fkie_nvd

Published

2010-01-25 19:30

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/38218	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1023489	Patch
cve@mitre.org	http://service.real.com/realplayer/security/01192010_player/en/	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/509098/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/37880
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0178	Patch, Vendor Advisory
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-10-008/	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/55797
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38218	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023489	Patch
af854a3a-2127-422b-91ae-364da2661108	http://service.real.com/realplayer/security/01192010_player/en/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/509098/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37880
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0178	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-10-008/	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/55797

Impacted products

Vendor	Product	Version
realnetworks	realplayer	10.0
realnetworks	realplayer	10.5
realnetworks	realplayer	11.0
realnetworks	realplayer	11.0.1
realnetworks	realplayer	11.0.2
realnetworks	realplayer	11.0.3
realnetworks	realplayer	11.0.4
realnetworks	realplayer	11.0.5
realnetworks	realplayer_enterprise	*
realnetworks	realplayer_sp	1.0.0
realnetworks	realplayer_sp	1.0.1
microsoft	windows	*
realnetworks	realplayer	10.0
realnetworks	realplayer	10.1
realnetworks	realplayer	11.0
realnetworks	realplayer	11.0.1
apple	mac_os_x	*
realnetworks	helix_player	10.0
realnetworks	helix_player	11.0.0
realnetworks	helix_player	11.0.1
realnetworks	realplayer	10.0
realnetworks	realplayer	11.0.0
realnetworks	realplayer	11.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*",
              "matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica  en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s del campo de codec SIPR con un valor de longitud peque\u00f1o que provoca una localizaci\u00f3n de memoria incorrecta."
    }
  ],
  "evaluatorComment": "Specific affected release information can be found from RealNetworks at: \r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/",
  "id": "CVE-2009-4244",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-01-25T19:30:01.400",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38218"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1023489"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/realplayer/security/01192010_player/en/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/509098/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37880"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0178"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1023489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/realplayer/security/01192010_player/en/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/509098/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55797"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-4244 (GCVE-0-2009-4244)

Vulnerability from cvelistv5

CERTA-2010-AVI-023

Vulnerability from certfr_avis

Description

Solution

gsd-2009-4244

Vulnerability from gsd

var-201001-0741

Vulnerability from variot

ghsa-4qm6-973j-4qvf

Vulnerability from github

fkie_cve-2009-4244

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature