CVE-2010-0417
Helix Player and RealPlayer - Buffer Overflow in RuleBook Structure Handling
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.
References (6)
Core References
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://www.redhat.com/support/errata/RHSA-2010-0094.html
Third Party Advisory, VDB Entry [vdb-entry, signature, x_refsource_oval]: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/38450
Various Sources [mailing-list, x_refsource_mlist]: http://lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html
Various Sources [x_refsource_confirm]: https://helixcommunity.org/viewcvs/common/util/rlstate.cpp?view=log#rev1.10
Issue Tracking [x_refsource_confirm]: https://bugzilla.redhat.com/show_bug.cgi?id=561860
Scores
EPSS: 0.0321
EPSS Percentile: 87.2%
Details
CWE: CWE-119
Status: published
Products (2)
realnetworks/helix_player 1.0.6
realnetworks/realplayer
Published: Feb 18, 2010
Tracked Since: Feb 18, 2026