Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-4385 | First vendor Publication | 2010-12-14 |
| Vendor | Cve | Last vendor Modification | 2011-01-26 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via crafted frame dimensions in an SIPR stream. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4385 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-07-30 | Name : CentOS Update for HelixPlayer-uninstall CESA-2010:0981 centos4 x86_64 File : nvt/gb_CESA-2010_0981_HelixPlayer-uninstall_centos4_x86_64.nasl |
| 2011-08-09 | Name : CentOS Update for HelixPlayer-uninstall CESA-2010:0981 centos4 i386 File : nvt/gb_CESA-2010_0981_HelixPlayer-uninstall_centos4_i386.nasl |
| 2010-12-29 | Name : RealNetworks RealPlayer Multiple Vulnerabilities (Linux) - Dec 10 File : nvt/gb_realplayer_mult_vuln_lin_dec10.nasl |
| 2010-12-29 | Name : RealNetworks RealPlayer Multiple Vulnerabilities (Win) - Dec10 File : nvt/gb_realplayer_mult_vuln_win_01_dec10.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 69846 | RealPlayer Multiple Products SIPR Stream Crafted Frame Dimensions Remote Over... RealPlayer is prone to an overflow condition. The drv1.dll module fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted .rm file, a context-dependent attacker can potentially execute arbitrary code. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host has a deprecated application. File : oraclelinux_ELSA-2010-0981.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101214_HelixPlayer_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2011-01-28 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0981.nasl - Type : ACT_GATHER_INFO |
| 2010-12-15 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0981.nasl - Type : ACT_GATHER_INFO |
| 2010-11-16 | Name : An application on the remote Windows host is affected by multiple vulnerabili... File : realplayer_12_0_1_609.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
| Source | Url |
|---|---|
| CONFIRM | http://service.real.com/realplayer/security/12102010_player/en/ |
| REDHAT | http://www.redhat.com/support/errata/RHSA-2010-0981.html |
| SECTRACK | http://www.securitytracker.com/id?1024861 |
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:12:51 |
|
| 2021-04-22 01:13:29 |
|
| 2020-05-23 00:26:58 |
|
| 2016-06-29 00:16:34 |
|
| 2014-02-17 10:58:46 |
|
| 2013-05-10 23:37:55 |
|
