CVE-2010-0417

EUVD-2010-0448
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
realnetworkshelix_player
1.0.6
realnetworksrealplayer
*
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
helix-player
dapper
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
ignored
lucid
dne
maverick
dne
natty
dne
oneiric
dne
realplayer
dapper
ignored
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
Common Weakness Enumeration
References
http://lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html
http://secunia.com/advisories/38450
http://www.redhat.com/support/errata/RHSA-2010-0094.html
https://bugzilla.redhat.com/show_bug.cgi?id=561860
https://helixcommunity.org/viewcvs/common/util/rlstate.cpp?view=log#rev1.10
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364
http://lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html
http://secunia.com/advisories/38450
http://www.redhat.com/support/errata/RHSA-2010-0094.html
https://bugzilla.redhat.com/show_bug.cgi?id=561860
https://helixcommunity.org/viewcvs/common/util/rlstate.cpp?view=log#rev1.10
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364