Vulnerabilities > CVE-2010-0117 - Unspecified vulnerability in Realnetworks Realplayer and Realplayer SP

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
realnetworks
microsoft
critical
nessus
NVD
Published: 2010-08-30
Updated: 2017-09-19

Summary

RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.

Vulnerable Configurations

Part Description Count
Application
Realnetworks
11
OS
Microsoft
1

Nessus

NASL familyWindows
NASL idREALPLAYER_12_0_0_879.NASL
descriptionAccording to its build number, the installed version of RealPlayer on the remote Windows host has multiple buffer overflow vulnerabilities : - A RealPlayer malformed
last seen2020-06-01
modified2020-06-02
plugin id48907
published2010-08-27
reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/48907
titleRealPlayer for Windows < Build 12.0.0.879 Multiple Vulnerabilities

Oval

accepted2010-11-01T04:00:08.796-04:00
classvulnerability
contributors
nameSecPod Team
organizationSecPod Technologies
definition_extensions
commentRealPlayer or RealPlayer SP is installed on the system
ovaloval:org.mitre.oval:def:7330
descriptionRealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.
familywindows
idoval:org.mitre.oval:def:7169
statusaccepted
submitted2010-09-22T01:48:18
titleVulnerability in RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows during YUV420 transformations
version5

References