Vulnerability CVE-2010-4388 - CERT Civis.Net

Vulnerability Name:

CVE-2010-4388 (CCN-64016)

Assigned:

2010-12-10

Published:

2010-12-10

Updated:

2011-01-19

Summary:

The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-4388

Source: OSVDB
Type: UNKNOWN
69857

Source: OSVDB
Type: UNKNOWN
69858

Source: OSVDB
Type: UNKNOWN
69859

Source: CCN
Type: SA38550
RealPlayer Multiple Vulnerabilities

Source: CCN
Type: SA42333
RealPlayer Enterprise Multiple Vulnerabilities

Source: CCN
Type: SA42512
Mac RealPlayer Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1024861
RealPlayer Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code

Source: CCN
Type: RealNetworks Web Site
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities

Source: CONFIRM
Type: Vendor Advisory
http://service.real.com/realplayer/security/12102010_player/en/

Source: CCN
Type: OSVDB ID: 69857
RealPlayer Multiple Products Upsell.htm Component RealOneActiveXObject Process Remote Code Injection

Source: CCN
Type: OSVDB ID: 69858
RealPlayer Multiple Products Main.html Component RealOneActiveXObject Process Remote Code Injection

Source: CCN
Type: OSVDB ID: 69859
RealPlayer Multiple Products Custsupport.html Component RealOneActiveXObject Process Remote Code Injection

Source: SECTRACK
Type: UNKNOWN
1024861

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-10-276

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-10-277

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-10-278

Source: XF
Type: UNKNOWN
realplayer-custsupport-code-exec(64016)

Source: CCN
Type: ZDI-10-276
RealNetworks RealPlayer Upsell.htm getqsval Remote Code Execution Vulnerability

Source: CCN
Type: ZDI-10-277
RealNetworks RealPlayer Main.html Remote Code Execution Vulnerability

Source: CCN
Type: ZDI-10-278
RealNetworks RealPlayer Custsupport.html Remote Code Execution Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*

Denotes that component is vulnerable