CVE-2010-4394

RealPlayer 11.0-11.1 and RealPlayer SP 1.0-1.1.5 - Remote Code Execution via Long Server Header in RealPix File Parsing

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.5 allows remote web servers to execute arbitrary code via a long Server header in a response to an HTTP request that occurs during parsing of a RealPix file.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024861
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-282
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/69853

Scores

EPSS 0.0153
EPSS Percentile 81.6%

Details

CWE
CWE-119
Status published
Products (17)
realnetworks/realplayer 11.0
realnetworks/realplayer 11.0.1
realnetworks/realplayer 11.0.2
realnetworks/realplayer 11.0.3
realnetworks/realplayer 11.0.4
realnetworks/realplayer 11.0.5
realnetworks/realplayer 11.1
realnetworks/realplayer_sp 1.0.0
realnetworks/realplayer_sp 1.0.1
realnetworks/realplayer_sp 1.0.2
... and 7 more
Published Dec 14, 2010
Tracked Since Feb 18, 2026