CVE-2009-4257

RealNetworks RealPlayer <6.0.12.1741 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.

References (14)

Core 14

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2010-0094.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/509105/100/0/threaded

Patch, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/0178

Various Sources mailing-list x_refsource_mlist

http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008678.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/55798

Patch vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1023489

Patch, Vendor Advisory x_refsource_confirm

http://service.real.com/realplayer/security/01192010_player/en/

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=561309

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38450

Various Sources x_refsource_confirm

https://helixcommunity.org/viewcvs/datatype/smil/common/smlpkt.cpp?view=log#rev1.12

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11110

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38218

Patch x_refsource_misc

http://www.zerodayinitiative.com/advisories/ZDI-10-007/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/37880

Scores

EPSS 0.1084

EPSS Percentile 93.5%

Details

CWE

CWE-119

Status published

Products (16)

realnetworks/helix_player 10.0

realnetworks/helix_player 11.0.0

realnetworks/helix_player 11.0.1

realnetworks/realplayer 10.0 (2 CPE variants)

realnetworks/realplayer 10.5

realnetworks/realplayer 11.0

realnetworks/realplayer 11.0.1 (2 CPE variants)

realnetworks/realplayer 11.0.2

realnetworks/realplayer 11.0.3

realnetworks/realplayer 11.0.4

... and 6 more

Published Jan 25, 2010

Tracked Since Feb 18, 2026