Vulnerabilities > CVE-2010-0116 - Numeric Errors vulnerability in Realnetworks Realplayer and Realplayer SP

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
realnetworks
microsoft
CWE-189
critical
nessus
NVD
Published: 2010-08-30
Updated: 2017-09-19

Summary

Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow.

Vulnerable Configurations

Part Description Count
Application
Realnetworks
11
OS
Microsoft
1

Common Weakness Enumeration (CWE)

Nessus

NASL familyWindows
NASL idREALPLAYER_12_0_0_879.NASL
descriptionAccording to its build number, the installed version of RealPlayer on the remote Windows host has multiple buffer overflow vulnerabilities : - A RealPlayer malformed
last seen2020-06-01
modified2020-06-02
plugin id48907
published2010-08-27
reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/48907
titleRealPlayer for Windows < Build 12.0.0.879 Multiple Vulnerabilities

Oval

accepted2010-11-01T04:00:11.124-04:00
classvulnerability
contributors
nameSecPod Team
organizationSecPod Technologies
definition_extensions
commentRealPlayer or RealPlayer SP is installed on the system
ovaloval:org.mitre.oval:def:7330
descriptionInteger overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow.
familywindows
idoval:org.mitre.oval:def:7326
statusaccepted
submitted2010-09-22T01:48:18
titleInteger overflow vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4
version5

References