CVE-2010-0416

Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:P/I:P/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
realnetworkshelix_player
1.0.6
realnetworksrealplayer
*
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
helix-player
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
dapper
ignored
realplayer
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
dapper
ignored
Common Weakness Enumeration
References
http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html
http://secunia.com/advisories/38450
http://www.redhat.com/support/errata/RHSA-2010-0094.html
https://bugzilla.redhat.com/show_bug.cgi?id=561856
https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847
http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html
http://secunia.com/advisories/38450
http://www.redhat.com/support/errata/RHSA-2010-0094.html
https://bugzilla.redhat.com/show_bug.cgi?id=561856
https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847