Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-4392 | First vendor Publication | 2010-12-14 |
Vendor | Cve | Last vendor Modification | 2011-01-26 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via crafted ImageMap data in a RealMedia file, related to certain improper integer calculations. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4392 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for HelixPlayer-uninstall CESA-2010:0981 centos4 x86_64 File : nvt/gb_CESA-2010_0981_HelixPlayer-uninstall_centos4_x86_64.nasl |
2011-08-09 | Name : CentOS Update for HelixPlayer-uninstall CESA-2010:0981 centos4 i386 File : nvt/gb_CESA-2010_0981_HelixPlayer-uninstall_centos4_i386.nasl |
2010-12-29 | Name : RealNetworks RealPlayer Multiple Vulnerabilities (Linux) - Dec 10 File : nvt/gb_realplayer_mult_vuln_lin_dec10.nasl |
2010-12-29 | Name : RealNetworks RealPlayer Multiple Vulnerabilities (Win) - Dec10 File : nvt/gb_realplayer_mult_vuln_win_dec10.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69852 | RealPlayer Multiple Products RealMedia File Crafted ImageMap Data Overflow RealPlayer is prone to an overflow condition. The program fails to properly decode data for a particular mime type within a RealMedia file resulting in a heap-based buffer overflow. With specially crafted ImageMap data in a RealMedia file, a context-dependent attacker can potentially execute arbitrary code. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host has a deprecated application. File : oraclelinux_ELSA-2010-0981.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101214_HelixPlayer_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0981.nasl - Type : ACT_GATHER_INFO |
2010-12-15 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0981.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : An application on the remote Windows host is affected by multiple vulnerabili... File : realplayer_12_0_1_609.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:12:51 |
|
2021-04-22 01:13:29 |
|
2020-05-23 00:26:58 |
|
2016-06-28 18:23:14 |
|
2014-02-17 10:58:48 |
|
2013-05-10 23:37:56 |
|