Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-4379 | First vendor Publication | 2010-12-14 |
Vendor | Cve | Last vendor Modification | 2011-01-26 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via a crafted SIPR file. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4379 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for HelixPlayer-uninstall CESA-2010:0981 centos4 x86_64 File : nvt/gb_CESA-2010_0981_HelixPlayer-uninstall_centos4_x86_64.nasl |
2011-08-09 | Name : CentOS Update for HelixPlayer-uninstall CESA-2010:0981 centos4 i386 File : nvt/gb_CESA-2010_0981_HelixPlayer-uninstall_centos4_i386.nasl |
2010-12-29 | Name : RealNetworks RealPlayer Multiple Vulnerabilities (Linux) - Dec 10 File : nvt/gb_realplayer_mult_vuln_lin_dec10.nasl |
2010-12-29 | Name : RealNetworks RealPlayer Multiple Vulnerabilities (Win) - Dec10 File : nvt/gb_realplayer_mult_vuln_win_01_dec10.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69840 | RealPlayer Multiple Products Crafted SIPR Handling Overflow RealPlayer is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted SIPR file, a context-dependent attacker can potentially cause an unspecified impact. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host has a deprecated application. File : oraclelinux_ELSA-2010-0981.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101214_HelixPlayer_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0981.nasl - Type : ACT_GATHER_INFO |
2010-12-15 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0981.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : An application on the remote Windows host is affected by multiple vulnerabili... File : realplayer_12_0_1_609.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Source | Url |
---|---|
CONFIRM | http://service.real.com/realplayer/security/12102010_player/en/ |
REDHAT | http://www.redhat.com/support/errata/RHSA-2010-0981.html |
SECTRACK | http://www.securitytracker.com/id?1024861 |
Alert History
Date | Informations |
---|---|
2021-05-04 12:12:58 |
|
2021-04-22 01:13:29 |
|
2020-05-23 00:26:58 |
|
2016-06-29 00:16:32 |
|
2014-02-17 10:58:45 |
|
2013-05-10 23:37:53 |
|