Vulnerabilities > CVE-2010-0416 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Realnetworks Helix Player and Realplayer

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

realnetworks

CWE-119

nessus

exploit available

NVD

Published: 2010-02-18

Updated: 2024-11-21

Summary

Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.

Vulnerable Configurations

Part	Description	Count
Application	Realnetworks Realnetworks Realplayer * Realnetworks Helix Player 1.0.6	2

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Exploit-Db

description	Helix Player 11.0.2 Encoded URI Processing Buffer Overflow Vulnerability. CVE-2010-0416. Remote exploit for linux platform
id	EDB-ID:33620
last seen	2016-02-03
modified	2007-07-03
published	2007-07-03
reporter	gwright
source	https://www.exploit-db.com/download/33620/
title	Helix Player <= 11.0.2 Encoded URI Processing Buffer Overflow Vulnerability

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_REALPLAYER-7122.NASL
description	The security support of Real Player 10 was discontinued a while ago by Real Networks. As there are known critical security problems in Real Player 10 and we are unable to fix them nor update to Real Player 11, we are disabling this player. The media player of SUSE Linux Enterprise Desktop 10, Helix Banshee, has been switched to use the Fluendo GSTreamer MP3 codec included in this update to keep MP3 playing abilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	51689
published	2011-01-27
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/51689
title	SuSE 10 Security Update : Realplayer and banshee (ZYPP Patch Number 7122)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(51689); script_version ("1.7"); script_cvs_date("Date: 2019/10/25 13:36:40"); script_cve_id("CVE-2009-4242", "CVE-2009-4245", "CVE-2009-4247", "CVE-2009-4248", "CVE-2009-4257", "CVE-2010-0416", "CVE-2010-0417"); script_name(english:"SuSE 10 Security Update : Realplayer and banshee (ZYPP Patch Number 7122)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "The security support of Real Player 10 was discontinued a while ago by Real Networks. As there are known critical security problems in Real Player 10 and we are unable to fix them nor update to Real Player 11, we are disabling this player. The media player of SUSE Linux Enterprise Desktop 10, Helix Banshee, has been switched to use the Fluendo GSTreamer MP3 codec included in this update to keep MP3 playing abilities." ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-4242.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-4245.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-4247.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-4248.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-4257.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0416.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0417.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7122."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/01/25"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:3, reference:"RealPlayer-10.0.9-2.9.1")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"gst-fluendo-mp3-2-108.4.1")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"helix-banshee-0.13.2-1.16.1")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"helix-banshee-devel-0.13.2-1.16.1")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"helix-banshee-engine-gst-0.13.2-1.16.1")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"helix-banshee-plugins-default-0.13.2-1.16.1")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"helix-banshee-plugins-extra-0.13.2-1.16.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2010-0094.NASL
description	An updated HelixPlayer package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. HelixPlayer is a media player. Multiple buffer and integer overflow flaws were found in the way HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker could create a specially crafted GIF file which would cause HelixPlayer to crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242, CVE-2009-4245) A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. An attacker could create a specially crafted SMIL file which would cause HelixPlayer to crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257) A buffer overflow flaw was found in the way HelixPlayer handled the Real Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP server could use this flaw to crash HelixPlayer or, potentially, execute arbitrary code. (CVE-2009-4248) Multiple buffer overflow flaws were discovered in the way HelixPlayer handled RuleBook structures in media files and RTSP streams. Specially crafted input could cause HelixPlayer to crash or, potentially, execute arbitrary code. (CVE-2009-4247, CVE-2010-0417) A buffer overflow flaw was found in the way HelixPlayer performed URL un-escaping. A specially crafted URL string could cause HelixPlayer to crash or, potentially, execute arbitrary code. (CVE-2010-0416) All HelixPlayer users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. All running instances of HelixPlayer must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	44428
published	2010-02-10
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/44428
title	CentOS 4 : HelixPlayer (CESA-2010:0094)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2010-0094.NASL
description	An updated HelixPlayer package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. HelixPlayer is a media player. Multiple buffer and integer overflow flaws were found in the way HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker could create a specially crafted GIF file which would cause HelixPlayer to crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242, CVE-2009-4245) A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. An attacker could create a specially crafted SMIL file which would cause HelixPlayer to crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257) A buffer overflow flaw was found in the way HelixPlayer handled the Real Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP server could use this flaw to crash HelixPlayer or, potentially, execute arbitrary code. (CVE-2009-4248) Multiple buffer overflow flaws were discovered in the way HelixPlayer handled RuleBook structures in media files and RTSP streams. Specially crafted input could cause HelixPlayer to crash or, potentially, execute arbitrary code. (CVE-2009-4247, CVE-2010-0417) A buffer overflow flaw was found in the way HelixPlayer performed URL un-escaping. A specially crafted URL string could cause HelixPlayer to crash or, potentially, execute arbitrary code. (CVE-2010-0416) All HelixPlayer users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. All running instances of HelixPlayer must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	44430
published	2010-02-10
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/44430
title	RHEL 4 : HelixPlayer (RHSA-2010:0094)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20100209_HELIXPLAYER_ON_SL4_X.NASL
description	Multiple buffer and integer overflow flaws were found in the way HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker could create a specially crafted GIF file which would cause HelixPlayer to crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242, CVE-2009-4245) A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. An attacker could create a specially crafted SMIL file which would cause HelixPlayer to crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257) A buffer overflow flaw was found in the way HelixPlayer handled the Real Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP server could use this flaw to crash HelixPlayer or, potentially, execute arbitrary code. (CVE-2009-4248) Multiple buffer overflow flaws were discovered in the way HelixPlayer handled RuleBook structures in media files and RTSP streams. Specially crafted input could cause HelixPlayer to crash or, potentially, execute arbitrary code. (CVE-2009-4247, CVE-2010-0417) A buffer overflow flaw was found in the way HelixPlayer performed URL un-escaping. A specially crafted URL string could cause HelixPlayer to crash or, potentially, execute arbitrary code. (CVE-2010-0416) All running instances of HelixPlayer must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	60729
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60729
title	Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2010-0094.NASL
description	From Red Hat Security Advisory 2010:0094 : An updated HelixPlayer package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. HelixPlayer is a media player. Multiple buffer and integer overflow flaws were found in the way HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker could create a specially crafted GIF file which would cause HelixPlayer to crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242, CVE-2009-4245) A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. An attacker could create a specially crafted SMIL file which would cause HelixPlayer to crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257) A buffer overflow flaw was found in the way HelixPlayer handled the Real Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP server could use this flaw to crash HelixPlayer or, potentially, execute arbitrary code. (CVE-2009-4248) Multiple buffer overflow flaws were discovered in the way HelixPlayer handled RuleBook structures in media files and RTSP streams. Specially crafted input could cause HelixPlayer to crash or, potentially, execute arbitrary code. (CVE-2009-4247, CVE-2010-0417) A buffer overflow flaw was found in the way HelixPlayer performed URL un-escaping. A specially crafted URL string could cause HelixPlayer to crash or, potentially, execute arbitrary code. (CVE-2010-0416) All HelixPlayer users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. All running instances of HelixPlayer must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	67994
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67994
title	Oracle Linux 4 : HelixPlayer (ELSA-2010-0094)

Oval

accepted

2013-04-29T04:09:19.217-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:10847

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

rhsa

id	RHSA-2010:0094

rpms

HelixPlayer-1:1.0.6-1.el4_8.1
HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit-Db

Nessus

Oval

Redhat

References