Description
Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.
References (8)
Core 8
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0178
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023489
Patch, Vendor Advisory x_refsource_confirm
http://service.real.com/realplayer/security/01192010_player/en/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38218
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37880
Patch x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-008/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55797
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/509098/100/0/threaded
Scores
EPSS
0.0868
EPSS Percentile
92.6%
Details
CWE
CWE-119
Status
published
Products (16)
realnetworks/helix_player
10.0
realnetworks/helix_player
11.0.0
realnetworks/helix_player
11.0.1
realnetworks/realplayer
10.0 (2 CPE variants)
realnetworks/realplayer
10.5
realnetworks/realplayer
11.0
realnetworks/realplayer
11.0.1 (2 CPE variants)
realnetworks/realplayer
11.0.2
realnetworks/realplayer
11.0.3
realnetworks/realplayer
11.0.4
... and 6 more
Published
Jan 25, 2010
Tracked Since
Feb 18, 2026