CVE-2009-4248

RealNetworks RealPlayer <6.0.12.1741 - Buffer Overflow

Title source: llm

Description

Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.

References (15)

Core 15

Core References

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=561361

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2010-0094.html

Patch, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/0178

Various Sources x_refsource_confirm

https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19

Patch vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1023489

Patch, Vendor Advisory x_refsource_confirm

http://service.real.com/realplayer/security/01192010_player/en/

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38450

Various Sources mailing-list x_refsource_mlist

http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html

Various Sources mailing-list x_refsource_mlist

http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html

Various Sources x_refsource_confirm

https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38218

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641

Various Sources mailing-list x_refsource_mlist

http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/37880

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/55801

Scores

EPSS 0.0736

EPSS Percentile 91.8%

Details

CWE

CWE-119

Status published

Products (16)

realnetworks/helix_player 10.0

realnetworks/helix_player 11.0.0

realnetworks/helix_player 11.0.1

realnetworks/realplayer 10.0 (2 CPE variants)

realnetworks/realplayer 10.5

realnetworks/realplayer 11.0

realnetworks/realplayer 11.0.1 (2 CPE variants)

realnetworks/realplayer 11.0.2

realnetworks/realplayer 11.0.3

realnetworks/realplayer 11.0.4

... and 6 more

Published Jan 25, 2010

Tracked Since Feb 18, 2026