CVE-2010-0417

Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
realnetworkshelix_player
1.0.6
realnetworksrealplayer
*
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
helix-player
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
dapper
ignored
realplayer
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
dapper
ignored
Common Weakness Enumeration
References
http://lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html
http://secunia.com/advisories/38450
http://www.redhat.com/support/errata/RHSA-2010-0094.html
https://bugzilla.redhat.com/show_bug.cgi?id=561860
https://helixcommunity.org/viewcvs/common/util/rlstate.cpp?view=log#rev1.10
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364
http://lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html
http://secunia.com/advisories/38450
http://www.redhat.com/support/errata/RHSA-2010-0094.html
https://bugzilla.redhat.com/show_bug.cgi?id=561860
https://helixcommunity.org/viewcvs/common/util/rlstate.cpp?view=log#rev1.10
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364