Vulnerability Name: CVE-2009-4243 (CCN-55796)
Assigned: 2009-12-09
Published: 2010-01-19
Updated: 2017-08-17
Summary: RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow." Specific affected release information can be found from RealNetworks at: http://service.real.com/realplayer/security/01192010_player/en/

CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low

CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial

Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access

References:
Source: MITRE Type: CNA
  CVE-2009-4243
Source: OSVDB Type: UNKNOWN
  61967
Source: CCN Type: SA38218
  RealPlayer Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory
  38218
Source: CCN Type: SECTRACK ID: 1023489
  RealPlayer Buffer Overflows Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: Patch
  1023489
Source: CCN Type: RealNetworks Web Site
  RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.
Source: CONFIRM Type: Patch, Vendor Advisory
  http://service.real.com/realplayer/security/01192010_player/en/
Source: CCN Type: OSVDB ID: 61967
  RealNetworks Multiple Products Crafted Media File HTTP Chunked Transfer Overflow
Source: BID Type: UNKNOWN
  37880
Source: CCN Type: BID-37880
  Multiple RealNetworks Products Multiple Remote Vulnerabilities
Source: VUPEN Type: Patch, Vendor Advisory
  ADV-2010-0178
Source: XF Type: UNKNOWN
  realplayer-httpchunk-bo(55796)
Source: CCN Type: iDefense Public Advisory: 02.01.10
  RealNetworks RealPlayer 11 HTTP Chunked Encoding Integer Overflow Vulnerability

Vulnerable Configuration:
Configuration 1:
  cpe:/a:realnetworks:realplayer:10.0:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer:10.5:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer:11.0:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*
  AND
  cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*
Configuration 2:
  cpe:/a:realnetworks:realplayer:10.0:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer:10.1:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer:11.0:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
  AND
  cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:*
Configuration 3:
  cpe:/a:realnetworks:helix_player:10.0:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:* OR
  cpe:/a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*
Configuration CCN 1:
  cpe:/a:real:realplayer:10.1:*:*:*:*:*:*:*

realnetworks realplayer 10.0
realnetworks realplayer 10.5
realnetworks realplayer 11.0
realnetworks realplayer 11.0.1
realnetworks realplayer 11.0.2
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer 11.0.5
realnetworks realplayer enterprise *
realnetworks realplayer sp 1.0.0
realnetworks realplayer sp 1.0.1
microsoft windows *
realnetworks realplayer 10.0
realnetworks realplayer 10.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.1
apple mac os x *
realnetworks helix player 10.0
realnetworks helix player 11.0.0
realnetworks helix player 11.0.1
realnetworks realplayer 10.0
realnetworks realplayer 11.0.0
realnetworks realplayer 11.0.1
real realplayer 10.1