CVE-2010-0116
RealPlayer 11.0-11.1 and RealPlayer SP 1.0-1.1.4 - Remote Code Execution via Crafted QCP File
Title source: llmDescription
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow.
References (8)
Core 8
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2216
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41096
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/61420
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7326
Vendor Advisory x_refsource_confirm
http://service.real.com/realplayer/security/08262010_player/en/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1024370
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41154
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2010-3/
Scores
EPSS
0.1253
EPSS Percentile
94.0%
Details
CWE
CWE-189
Status
published
Products (11)
realnetworks/realplayer
11.0
realnetworks/realplayer
11.1
realnetworks/realplayer_sp
1.0.0
realnetworks/realplayer_sp
1.0.1
realnetworks/realplayer_sp
1.0.2
realnetworks/realplayer_sp
1.0.5
realnetworks/realplayer_sp
1.1
realnetworks/realplayer_sp
1.1.1
realnetworks/realplayer_sp
1.1.2
realnetworks/realplayer_sp
1.1.3
... and 1 more
Published
Aug 30, 2010
Tracked Since
Feb 18, 2026