Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-4257 | First vendor Publication | 2010-01-25 |
Vendor | Cve | Last vendor Modification | 2018-10-10 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4257 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11110 | |||
Oval ID: | oval:org.mitre.oval:def:11110 | ||
Title: | Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths. | ||
Description: | Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4257 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-02-15 | Name : CentOS Update for HelixPlayer CESA-2010:0094 centos4 i386 File : nvt/gb_CESA-2010_0094_HelixPlayer_centos4_i386.nasl |
2010-02-15 | Name : RedHat Update for HelixPlayer RHSA-2010:0094-02 File : nvt/gb_RHSA-2010_0094-02_HelixPlayer.nasl |
2010-02-02 | Name : RealNetworks RealPlayer Multiple Code Execution Vulnerabilities (Linux) File : nvt/secpod_realplayer_mult_code_exec_vuln_lin.nasl |
2010-02-02 | Name : RealNetworks RealPlayer Multiple Code Execution Vulnerabilities (Win) File : nvt/secpod_realplayer_mult_code_exec_vuln_win.nasl |
2010-02-02 | Name : RealNetworks RealPlayer SMIL file BOF Vulnerability (Linux) File : nvt/secpod_realplayer_smil_bof_lin.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61973 | RealNetworks Multiple Products smlrender.dll SMIL File Handling Overflow |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-02-18 | IAVM : 2010-A-0022 - Multiple HelixPlayer Vulnerabilities in Red Hat Enterprise Linux 4 Severity : Category II - VMSKEY : V0022670 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0094.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100209_HelixPlayer_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-02-10 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0094.nasl - Type : ACT_GATHER_INFO |
2010-02-10 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0094.nasl - Type : ACT_GATHER_INFO |
2010-01-22 | Name : The remote Windows application is affected by multiple buffer overflow vulner... File : realplayer_12_0_0_319.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2020-05-23 00:24:41 |
|
2018-10-11 00:19:43 |
|
2017-09-19 09:23:31 |
|
2017-08-17 09:22:48 |
|
2016-06-29 00:08:32 |
|
2016-04-26 19:18:37 |
|
2014-02-17 10:52:37 |
|
2013-11-11 12:38:29 |
|
2013-05-11 00:02:05 |
|