CVE-2010-4392
RealPlayer 11.0-11.1 and RealPlayer SP 1.0-1.1.5 - Remote Code Execution via Crafted ImageMap Data
Title source: llmDescription
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via crafted ImageMap data in a RealMedia file, related to certain improper integer calculations.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-280
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0981.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1024861
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/69852
Vendor Advisory x_refsource_confirm
http://service.real.com/realplayer/security/12102010_player/en/
Scores
EPSS
0.0527
EPSS Percentile
90.1%
Details
CWE
CWE-119
Status
published
Products (20)
realnetworks/realplayer
11.0
realnetworks/realplayer
11.0.1
realnetworks/realplayer
11.0.2
realnetworks/realplayer
11.0.3
realnetworks/realplayer
11.0.4
realnetworks/realplayer
11.0.5
realnetworks/realplayer
11.1
realnetworks/realplayer
11.0.2.1744
realnetworks/realplayer
2.1.2
realnetworks/realplayer
2.1.3
... and 10 more
Published
Dec 14, 2010
Tracked Since
Feb 18, 2026