CVE-2010-4392

Sažetak

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via crafted ImageMap data in a RealMedia file, related to certain improper integer calculations.

Reference

http://osvdb.org/69852
http://service.real.com/realplayer/security/12102010_player/en/
http://www.redhat.com/support/errata/RHSA-2010-0981.html
http://www.securitytracker.com/id?1024861
http://www.zerodayinitiative.com/advisories/ZDI-10-280

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

26-01-2011 - 06:52

Objavljeno

14-12-2010 - 16:00