Vulnerability-Lookup

CVE-2010-4389 (GCVE-0-2010-4389)

Vulnerability from cvelistv5 – Published: 2010-12-14 15:00 – Updated: 2024-08-07 03:43

Summary

Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://osvdb.org/69849	vdb-entryx_refsource_OSVDB
	http://www.securitytracker.com/id?1024861	vdb-entryx_refsource_SECTRACK
	http://www.zerodayinitiative.com/advisories/ZDI-10-279	x_refsource_MISC
	http://service.real.com/realplayer/security/12102…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:43:14.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "69849",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/69849"
          },
          {
            "name": "1024861",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024861"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-279"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://service.real.com/realplayer/security/12102010_player/en/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-12-21T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "69849",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/69849"
        },
        {
          "name": "1024861",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024861"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-279"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://service.real.com/realplayer/security/12102010_player/en/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4389",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "69849",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/69849"
            },
            {
              "name": "1024861",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024861"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-279",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-279"
            },
            {
              "name": "http://service.real.com/realplayer/security/12102010_player/en/",
              "refsource": "CONFIRM",
              "url": "http://service.real.com/realplayer/security/12102010_player/en/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4389",
    "datePublished": "2010-12-14T15:00:00",
    "dateReserved": "2010-12-02T00:00:00",
    "dateUpdated": "2024-08-07T03:43:14.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11B7CB5F-ACFA-439B-A9B7-54DA402A6029\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2A681B8-62F1-4B23-9E0B-39C61BE72F44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F826B276-91E6-495E-B429-51B1C5ECB146\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A732E6C-108F-447F-98B1-EA774A0537EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D03738C3-D659-488D-B285-64A496C0F1FB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53D7AE43-A3AC-4B38-B0A3-E6F02834224F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59FEDCDF-9FBF-4D08-A50F-FF92763DFC21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54A11B3A-547C-4F2F-A58E-DE06DBBE8115\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7243D80-913D-405C-9988-B8473DB1A5DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4C6D399-FF31-441D-A363-BD53CFE5569A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9818A6FB-2CF5-4236-8EFE-95458D603CC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73CC0582-D889-4907-A32E-218AC2B0591F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B5DD6CF-CCC7-40DD-A6CA-B9BBC339998F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"381DD10A-3459-40BD-88DB-2CC0BCA63F4C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"155AD4FB-E527-4103-BCEF-801B653DEA37\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de buffer basado en mont\\u00f3n en el codec cook de RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de datos no especificados en la inicializaci\\u00f3n del buffer.\"}]",
      "id": "CVE-2010-4389",
      "lastModified": "2024-11-21T01:20:50.730",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-12-14T16:00:04.913",
      "references": "[{\"url\": \"http://osvdb.org/69849\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://service.real.com/realplayer/security/12102010_player/en/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id?1024861\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-10-279\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/69849\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://service.real.com/realplayer/security/12102010_player/en/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id?1024861\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-10-279\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-4389\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-12-14T16:00:04.913\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de buffer basado en mont\u00f3n en el codec cook de RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de datos no especificados en la inicializaci\u00f3n del buffer.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11B7CB5F-ACFA-439B-A9B7-54DA402A6029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A681B8-62F1-4B23-9E0B-39C61BE72F44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F826B276-91E6-495E-B429-51B1C5ECB146\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A732E6C-108F-447F-98B1-EA774A0537EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D03738C3-D659-488D-B285-64A496C0F1FB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53D7AE43-A3AC-4B38-B0A3-E6F02834224F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59FEDCDF-9FBF-4D08-A50F-FF92763DFC21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54A11B3A-547C-4F2F-A58E-DE06DBBE8115\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7243D80-913D-405C-9988-B8473DB1A5DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4C6D399-FF31-441D-A363-BD53CFE5569A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9818A6FB-2CF5-4236-8EFE-95458D603CC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73CC0582-D889-4907-A32E-218AC2B0591F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B5DD6CF-CCC7-40DD-A6CA-B9BBC339998F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"381DD10A-3459-40BD-88DB-2CC0BCA63F4C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"155AD4FB-E527-4103-BCEF-801B653DEA37\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/69849\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://service.real.com/realplayer/security/12102010_player/en/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1024861\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-10-279\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/69849\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://service.real.com/realplayer/security/12102010_player/en/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1024861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-10-279\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2010-AVI-586

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans RealPlayer permettent à une personne malveillante distante d'exécuter du code arbitraire.

Description

De multiples vulnérabilités ont été découvertes dans RealPlayer. Elles peuvent être utilisées par une personne malveillante distante pour exécuter du code arbitraire, notamment par le biais de fichiers AAC spécialement conçus. Ces vulnérabilités n'affectent pas les dernières versions de RealPlayer.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac RealPlayer 12.0.0.1444 et antérieures ;
N/A	N/A	Linux RealPlayer 11.0.2.1744 et antérieures.
N/A	N/A	RealPlayer SP 1.1.5 et antérieures ;
N/A	N/A	RealPlayer 11.1 et antérieures ;
N/A	N/A	RealPlayer Enterprise 2.1.3 et antérieures ;

References

Title

Publication Time

Tags

Mise à jour de sécurité RealPlayer du 10 décembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac RealPlayer 12.0.0.1444 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Linux RealPlayer 11.0.2.1744 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer SP 1.1.5 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer 11.1 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer Enterprise 2.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans RealPlayer. Elles\npeuvent \u00eatre utilis\u00e9es par une personne malveillante distante pour\nex\u00e9cuter du code arbitraire, notamment par le biais de fichiers AAC\nsp\u00e9cialement con\u00e7us. Ces vuln\u00e9rabilit\u00e9s n\u0027affectent pas les derni\u00e8res\nversions de RealPlayer.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0125"
    },
    {
      "name": "CVE-2010-2997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2997"
    },
    {
      "name": "CVE-2010-4394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4394"
    },
    {
      "name": "CVE-2010-4380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4380"
    },
    {
      "name": "CVE-2010-4377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4377"
    },
    {
      "name": "CVE-2010-4384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4384"
    },
    {
      "name": "CVE-2010-4389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4389"
    },
    {
      "name": "CVE-2010-4391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4391"
    },
    {
      "name": "CVE-2010-4382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4382"
    },
    {
      "name": "CVE-2010-4379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4379"
    },
    {
      "name": "CVE-2010-4376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4376"
    },
    {
      "name": "CVE-2010-4388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4388"
    },
    {
      "name": "CVE-2010-4397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4397"
    },
    {
      "name": "CVE-2010-2999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2999"
    },
    {
      "name": "CVE-2010-4385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4385"
    },
    {
      "name": "CVE-2010-4392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4392"
    },
    {
      "name": "CVE-2010-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4378"
    },
    {
      "name": "CVE-2010-4383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4383"
    },
    {
      "name": "CVE-2010-4387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4387"
    },
    {
      "name": "CVE-2010-0121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0121"
    },
    {
      "name": "CVE-2010-2579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2579"
    },
    {
      "name": "CVE-2010-4386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4386"
    },
    {
      "name": "CVE-2010-4381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4381"
    },
    {
      "name": "CVE-2010-4390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4390"
    },
    {
      "name": "CVE-2010-4396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4396"
    },
    {
      "name": "CVE-2010-4395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4395"
    },
    {
      "name": "CVE-2010-4375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4375"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-586",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans RealPlayer permettent \u00e0 une personne\nmalveillante distante d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans RealPlayer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 RealPlayer du 10 d\u00e9cembre 2010",
      "url": "http://service.real.com/realplayer/security/12102010_player/en/"
    }
  ]
}

CERTA-2010-AVI-586

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans RealPlayer permettent à une personne malveillante distante d'exécuter du code arbitraire.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac RealPlayer 12.0.0.1444 et antérieures ;
N/A	N/A	Linux RealPlayer 11.0.2.1744 et antérieures.
N/A	N/A	RealPlayer SP 1.1.5 et antérieures ;
N/A	N/A	RealPlayer 11.1 et antérieures ;
N/A	N/A	RealPlayer Enterprise 2.1.3 et antérieures ;

References

Title

Publication Time

Tags

Mise à jour de sécurité RealPlayer du 10 décembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac RealPlayer 12.0.0.1444 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Linux RealPlayer 11.0.2.1744 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer SP 1.1.5 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer 11.1 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer Enterprise 2.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans RealPlayer. Elles\npeuvent \u00eatre utilis\u00e9es par une personne malveillante distante pour\nex\u00e9cuter du code arbitraire, notamment par le biais de fichiers AAC\nsp\u00e9cialement con\u00e7us. Ces vuln\u00e9rabilit\u00e9s n\u0027affectent pas les derni\u00e8res\nversions de RealPlayer.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0125"
    },
    {
      "name": "CVE-2010-2997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2997"
    },
    {
      "name": "CVE-2010-4394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4394"
    },
    {
      "name": "CVE-2010-4380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4380"
    },
    {
      "name": "CVE-2010-4377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4377"
    },
    {
      "name": "CVE-2010-4384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4384"
    },
    {
      "name": "CVE-2010-4389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4389"
    },
    {
      "name": "CVE-2010-4391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4391"
    },
    {
      "name": "CVE-2010-4382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4382"
    },
    {
      "name": "CVE-2010-4379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4379"
    },
    {
      "name": "CVE-2010-4376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4376"
    },
    {
      "name": "CVE-2010-4388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4388"
    },
    {
      "name": "CVE-2010-4397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4397"
    },
    {
      "name": "CVE-2010-2999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2999"
    },
    {
      "name": "CVE-2010-4385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4385"
    },
    {
      "name": "CVE-2010-4392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4392"
    },
    {
      "name": "CVE-2010-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4378"
    },
    {
      "name": "CVE-2010-4383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4383"
    },
    {
      "name": "CVE-2010-4387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4387"
    },
    {
      "name": "CVE-2010-0121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0121"
    },
    {
      "name": "CVE-2010-2579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2579"
    },
    {
      "name": "CVE-2010-4386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4386"
    },
    {
      "name": "CVE-2010-4381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4381"
    },
    {
      "name": "CVE-2010-4390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4390"
    },
    {
      "name": "CVE-2010-4396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4396"
    },
    {
      "name": "CVE-2010-4395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4395"
    },
    {
      "name": "CVE-2010-4375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4375"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-586",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans RealPlayer permettent \u00e0 une personne\nmalveillante distante d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans RealPlayer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 RealPlayer du 10 d\u00e9cembre 2010",
      "url": "http://service.real.com/realplayer/security/12102010_player/en/"
    }
  ]
}

GSD-2010-4389

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-4389

Aliases

CVE-2010-4389

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-4389",
    "description": "Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer.",
    "id": "GSD-2010-4389"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-4389"
      ],
      "details": "Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer.",
      "id": "GSD-2010-4389",
      "modified": "2023-12-13T01:21:29.943378Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-4389",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "69849",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/69849"
          },
          {
            "name": "1024861",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024861"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-279",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-279"
          },
          {
            "name": "http://service.real.com/realplayer/security/12102010_player/en/",
            "refsource": "CONFIRM",
            "url": "http://service.real.com/realplayer/security/12102010_player/en/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4389"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-279",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-279"
            },
            {
              "name": "http://service.real.com/realplayer/security/12102010_player/en/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://service.real.com/realplayer/security/12102010_player/en/"
            },
            {
              "name": "69849",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/69849"
            },
            {
              "name": "1024861",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024861"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2011-01-19T07:02Z",
      "publishedDate": "2010-12-14T16:00Z"
    }
  }
}

FKIE_CVE-2010-4389

Vulnerability from fkie_nvd - Published: 2010-12-14 16:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/69849
cve@mitre.org	http://service.real.com/realplayer/security/12102010_player/en/	Vendor Advisory
cve@mitre.org	http://www.securitytracker.com/id?1024861
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-10-279
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/69849
af854a3a-2127-422b-91ae-364da2661108	http://service.real.com/realplayer/security/12102010_player/en/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024861
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-10-279

Impacted products

Vendor	Product	Version
realnetworks	realplayer	11.0
realnetworks	realplayer	11.0.1
realnetworks	realplayer	11.0.2
realnetworks	realplayer	11.0.3
realnetworks	realplayer	11.0.4
realnetworks	realplayer	11.0.5
realnetworks	realplayer	11.1
realnetworks	realplayer_sp	1.0.0
realnetworks	realplayer_sp	1.0.1
realnetworks	realplayer_sp	1.0.2
realnetworks	realplayer_sp	1.0.5
realnetworks	realplayer_sp	1.1
realnetworks	realplayer_sp	1.1.1
realnetworks	realplayer_sp	1.1.2
realnetworks	realplayer_sp	1.1.3
realnetworks	realplayer_sp	1.1.4
realnetworks	realplayer_sp	1.1.5
realnetworks	realplayer	11.0.2.1744
linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D03738C3-D659-488D-B285-64A496C0F1FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53D7AE43-A3AC-4B38-B0A3-E6F02834224F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FEDCDF-9FBF-4D08-A50F-FF92763DFC21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54A11B3A-547C-4F2F-A58E-DE06DBBE8115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7243D80-913D-405C-9988-B8473DB1A5DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C6D399-FF31-441D-A363-BD53CFE5569A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9818A6FB-2CF5-4236-8EFE-95458D603CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CC0582-D889-4907-A32E-218AC2B0591F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B5DD6CF-CCC7-40DD-A6CA-B9BBC339998F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*",
              "matchCriteriaId": "381DD10A-3459-40BD-88DB-2CC0BCA63F4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en mont\u00f3n en el codec cook de RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de datos no especificados en la inicializaci\u00f3n del buffer."
    }
  ],
  "id": "CVE-2010-4389",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-12-14T16:00:04.913",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/69849"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/realplayer/security/12102010_player/en/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1024861"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/69849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/realplayer/security/12102010_player/en/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-279"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CJ5P-J8V6-F438

Vulnerability from github – Published: 2022-05-17 05:44 – Updated: 2025-04-11 03:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-4389"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-12-14T16:00:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer.",
  "id": "GHSA-cj5p-j8v6-f438",
  "modified": "2025-04-11T03:41:52Z",
  "published": "2022-05-17T05:44:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4389"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/69849"
    },
    {
      "type": "WEB",
      "url": "http://service.real.com/realplayer/security/12102010_player/en"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024861"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-279"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-4389 (GCVE-0-2010-4389)

CERTA-2010-AVI-586

Description

Solution

CERTA-2010-AVI-586

Description

Solution

GSD-2010-4389

FKIE_CVE-2010-4389

GHSA-CJ5P-J8V6-F438

Tags

Sightings

Nomenclature