CVE-2009-4248

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2009-4248
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://service.real.com/realplayer/security/01192010_player/en/ Patch Vendor Advisory
http://secunia.com/advisories/38218 Vendor Advisory
http://www.securityfocus.com/bid/37880
http://securitytracker.com/id?1023489 Patch
http://www.vupen.com/english/advisories/2010/0178 Patch Vendor Advisory
http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html
https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19
http://www.redhat.com/support/errata/RHSA-2010-0094.html
https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86
http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html
http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html
https://bugzilla.redhat.com/show_bug.cgi?id=561361
http://secunia.com/advisories/38450
https://exchange.xforce.ibmcloud.com/vulnerabilities/55801
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*
Information

Published : 2010-01-25 11:30

Updated : 2017-09-18 18:29

NVD link : CVE-2009-4248

Mitre link : CVE-2009-4248

JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa
Products Affected

realnetworks

  • realplayer_sp
  • realplayer_enterprise
  • helix_player
  • realplayer

microsoft

  • windows

apple

  • mac_os_x