Vulnerability Name: CVE-2009-0376 (CCN-48568)
Assigned: 2009-02-05
Published: 2009-02-05
Updated: 2018-10-11
Summary: Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a modified field that controls an unspecified structure length and triggers heap corruption, related to use of RealPlayer through a Windows Explorer plugin.
CVSS v3 Severity: 9.4 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)
CVSS v2 Severity:
  9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
  6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:P/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2009-0376
  Source: CCN Type: SA33810 RealPlayer IVR File Processing Two Vulnerabilities
  Source: SECUNIA Type: UNKNOWN 33810
  Source: CCN Type: SA38218 RealPlayer Multiple Vulnerabilities
  Source: SECUNIA Type: UNKNOWN 38218
  Source: CCN Type: RealNetworks Web Site RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.
  Source: CONFIRM Type: UNKNOWN http://service.real.com/realplayer/security/01192010_player/en/
  Source: CCN Type: FortiGuard Advisory (FGA-2009-04) Fortinet discovers multiple vulnerabilities in RealNetworks' RealPlayer
  Source: MISC Type: UNKNOWN http://www.fortiguardcenter.com/advisory/FGA-2009-04.html
  Source: CCN Type: OSVDB ID: 54298 RealPlayer Internet Video Recording (IVR) File Handling Unspecified Heap Corruption Arbitrary Code Execution
  Source: CCN Type: RealPlayer Web site RealPlayer
  Source: BUGTRAQ Type: UNKNOWN 20090206 RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities
  Source: BUGTRAQ Type: UNKNOWN 20100121 ZDI-10-009: RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability
  Source: BID Type: UNKNOWN 33652
  Source: CCN Type: BID-33652 RealNetworks RealPlayer IVR File Parsing Multiple Buffer Overflow Vulnerabilities
  Source: CCN Type: BID-37880 Multiple RealNetworks Products Multiple Remote Vulnerabilities
  Source: VUPEN Type: UNKNOWN ADV-2010-0178
  Source: MISC Type: UNKNOWN http://www.zerodayinitiative.com/advisories/ZDI-10-009/
  Source: XF Type: UNKNOWN realplayer-ivr-code-execution(48568)
  Source: CCN Type: ZDI-10-009 RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable