Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-4248 | First vendor Publication | 2010-01-25 |
Vendor | Cve | Last vendor Modification | 2017-09-19 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4248 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10641 | |||
Oval ID: | oval:org.mitre.oval:def:10641 | ||
Title: | Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request. | ||
Description: | Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4248 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-02-15 | Name : CentOS Update for HelixPlayer CESA-2010:0094 centos4 i386 File : nvt/gb_CESA-2010_0094_HelixPlayer_centos4_i386.nasl |
2010-02-15 | Name : RedHat Update for HelixPlayer RHSA-2010:0094-02 File : nvt/gb_RHSA-2010_0094-02_HelixPlayer.nasl |
2010-02-02 | Name : RealNetworks RealPlayer Multiple Code Execution Vulnerabilities (Linux) File : nvt/secpod_realplayer_mult_code_exec_vuln_lin.nasl |
2010-02-02 | Name : RealNetworks RealPlayer Multiple Code Execution Vulnerabilities (Win) File : nvt/secpod_realplayer_mult_code_exec_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61972 | RealNetworks Multiple Products CMediumBlockAllocator::Alloc Method Crafted RT... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-02-18 | IAVM : 2010-A-0022 - Multiple HelixPlayer Vulnerabilities in Red Hat Enterprise Linux 4 Severity : Category II - VMSKEY : V0022670 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0094.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100209_HelixPlayer_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-02-10 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0094.nasl - Type : ACT_GATHER_INFO |
2010-02-10 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0094.nasl - Type : ACT_GATHER_INFO |
2010-01-22 | Name : The remote Windows application is affected by multiple buffer overflow vulner... File : realplayer_12_0_0_319.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2020-05-23 00:24:41 |
|
2017-09-19 09:23:31 |
|
2017-08-17 09:22:48 |
|
2016-06-29 00:08:31 |
|
2016-04-26 19:18:31 |
|
2014-02-17 10:52:37 |
|
2013-11-11 12:38:29 |
|
2013-05-11 00:02:04 |
|