Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2009-4242

Published: 25/01/2010 Updated: 10/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Realnetworks

Vulnerability Summary

Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 up to and including 6.0.12.1741; RealPlayer 11 11.0.0 up to and including 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote malicious users to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.

Vulnerable Product Search on Vulmon Subscribe to Product

realnetworks realplayer_sp 1.0.1

realnetworks realplayer 11.0.1

realnetworks realplayer_enterprise

realnetworks realplayer_sp 1.0.0

realnetworks realplayer 10.5

realnetworks realplayer 10.0

realnetworks realplayer 11.0.5

realnetworks realplayer 11.0

realnetworks realplayer 11.0.2

realnetworks realplayer 11.0.3

realnetworks realplayer 11.0.4

realnetworks realplayer 10.1

realnetworks helix player 11.0.0

realnetworks helix player 10.0

realnetworks helix player 11.0.1

realnetworks realplayer 11.0.0

Vendor Advisories

Red Hat: Critical: HelixPlayer security update
Synopsis Critical: HelixPlayer security update Type/Severity Security Advisory: Critical Topic An updated HelixPlayer package that fixes several security issues is nowavailable for Red Hat Enterprise Linux 4This update has been rated as having critical security impact by the RedHat Security Response Team ...

References

CWE-119http://www.vupen.com/english/advisories/2010/0178http://secunia.com/advisories/38218http://www.zerodayinitiative.com/advisories/ZDI-10-006/http://service.real.com/realplayer/security/01192010_player/en/http://www.securityfocus.com/bid/37880http://securitytracker.com/id?1023489http://osvdb.org/61966http://www.redhat.com/support/errata/RHSA-2010-0094.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=561436http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008633.htmlhttps://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.8http://secunia.com/advisories/38450https://exchange.xforce.ibmcloud.com/vulnerabilities/55795https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10144http://www.securityfocus.com/archive/1/509096/100/0/threadedhttps://access.redhat.com/errata/RHSA-2010:0094https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook