Vulnerability Name: CVE-2009-4241 (CCN-55794)
Assigned: 2009-12-09
Published: 2010-01-19
Updated: 2018-10-10
Summary: Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption. Specific affected release information can be found from RealNetworks at: http://service.real.com/realplayer/security/01192010_player/en/
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2009-4241
Source: CCN Type: SA38218 RealPlayer Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 38218
Source: CCN Type: SECTRACK ID: 1023489 RealPlayer Buffer Overflows Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1023489
Source: CCN Type: RealNetworks Web Site RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.
Source: CONFIRM Type: Patch, Vendor Advisory http://service.real.com/realplayer/security/01192010_player/en/
Source: CCN Type: OSVDB ID: 61965 RealNetworks Multiple Products Invalid ASMRuleBook Structure Overflow
Source: BUGTRAQ Type: UNKNOWN 20100121 ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability
Source: BID Type: UNKNOWN 37880
Source: CCN Type: BID-37880 Multiple RealNetworks Products Multiple Remote Vulnerabilities
Source: VUPEN Type: Patch, Vendor Advisory ADV-2010-0178
Source: MISC Type: Patch http://www.zerodayinitiative.com/advisories/ZDI-10-005/
Source: XF Type: UNKNOWN realplayer-asmrulebook-bo(55794)
Source: CCN Type: ZDI-10-005 RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1: Denotes that component is vulnerable