cvelistv5 - cve-2009-4241

cve-2009-4241

Vulnerability from cvelistv5

Published

2010-01-25 19:00

Modified

2024-08-07 06:54

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/38218	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1023489
cve@mitre.org	http://service.real.com/realplayer/security/01192010_player/en/	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/509100/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/37880
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0178	Patch, Vendor Advisory
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-10-005/	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/55794
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38218	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023489
af854a3a-2127-422b-91ae-364da2661108	http://service.real.com/realplayer/security/01192010_player/en/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/509100/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37880
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0178	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-10-005/	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/55794

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:10.146Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-0178",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0178"
          },
          {
            "name": "realplayer-asmrulebook-bo(55794)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794"
          },
          {
            "name": "1023489",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023489"
          },
          {
            "name": "20100121 ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://service.real.com/realplayer/security/01192010_player/en/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/"
          },
          {
            "name": "38218",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38218"
          },
          {
            "name": "37880",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37880"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2010-0178",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0178"
        },
        {
          "name": "realplayer-asmrulebook-bo(55794)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794"
        },
        {
          "name": "1023489",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023489"
        },
        {
          "name": "20100121 ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://service.real.com/realplayer/security/01192010_player/en/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/"
        },
        {
          "name": "38218",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38218"
        },
        {
          "name": "37880",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37880"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-0178",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0178"
            },
            {
              "name": "realplayer-asmrulebook-bo(55794)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794"
            },
            {
              "name": "1023489",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023489"
            },
            {
              "name": "20100121 ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded"
            },
            {
              "name": "http://service.real.com/realplayer/security/01192010_player/en/",
              "refsource": "CONFIRM",
              "url": "http://service.real.com/realplayer/security/01192010_player/en/"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/"
            },
            {
              "name": "38218",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38218"
            },
            {
              "name": "37880",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37880"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4241",
    "datePublished": "2010-01-25T19:00:00",
    "dateReserved": "2009-12-09T00:00:00",
    "dateUpdated": "2024-08-07T06:54:10.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-4241\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-01-25T19:30:00.980\",\"lastModified\":\"2024-11-21T01:09:13.803\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en memoria din\u00e1mica  en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x,permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero con una estructura ASMRuleBook que provoca una error de memoria din\u00e1mica.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD49D16C-B0AC-4228-9984-010661596232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348F3214-E5C2-4D39-916F-1B0263D13F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11B7CB5F-ACFA-439B-A9B7-54DA402A6029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A681B8-62F1-4B23-9E0B-39C61BE72F44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F826B276-91E6-495E-B429-51B1C5ECB146\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A732E6C-108F-447F-98B1-EA774A0537EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F948D474-2380-482C-8A63-88984AC2A86B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD49D16C-B0AC-4228-9984-010661596232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1D2A323-5614-4569-AFE5-49CB99ACA279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74F2CA71-BD09-451C-931C-433024B6BF87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD002505-9F93-4243-BCF9-89421FDB7C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94D7BB02-13EA-4F39-B751-DDF9AB50F868\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"C9C8FE03-BB75-4F67-ADE4-891B6B956018\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/38218\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1023489\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://service.real.com/realplayer/security/01192010_player/en/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/509100/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/37880\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0178\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-10-005/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55794\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38218\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1023489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://service.real.com/realplayer/security/01192010_player/en/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/509100/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/37880\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0178\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-10-005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Specific affected release information can be found from RealNetworks at:\\r\\n\\r\\nhttp://service.real.com/realplayer/security/01192010_player/en/\"}}"
  }
}

gsd-2009-4241

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-4241

Aliases

CVE-2009-4241

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-4241",
    "description": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.",
    "id": "GSD-2009-4241"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-4241"
      ],
      "details": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.",
      "id": "GSD-2009-4241",
      "modified": "2023-12-13T01:19:45.928207Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-4241",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2010-0178",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0178"
          },
          {
            "name": "realplayer-asmrulebook-bo(55794)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794"
          },
          {
            "name": "1023489",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023489"
          },
          {
            "name": "20100121 ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded"
          },
          {
            "name": "http://service.real.com/realplayer/security/01192010_player/en/",
            "refsource": "CONFIRM",
            "url": "http://service.real.com/realplayer/security/01192010_player/en/"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/"
          },
          {
            "name": "38218",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38218"
          },
          {
            "name": "37880",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/37880"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4241"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37880",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/37880"
            },
            {
              "name": "1023489",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1023489"
            },
            {
              "name": "38218",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38218"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/"
            },
            {
              "name": "ADV-2010-0178",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0178"
            },
            {
              "name": "http://service.real.com/realplayer/security/01192010_player/en/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://service.real.com/realplayer/security/01192010_player/en/"
            },
            {
              "name": "realplayer-asmrulebook-bo(55794)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794"
            },
            {
              "name": "20100121 ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-10T19:48Z",
      "publishedDate": "2010-01-25T19:30Z"
    }
  }
}

Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption. This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site.The specific flaw exists during the parsing of files with improperly defined ASMRuleBook structures. A controllable memory allocation allows for an attacker to corrupt heap memory. Attacker controlled data from the corrupt heap is later used as an object pointer which can be leveraged to execute arbitrary code in the context of the currently logged in user. A remote attacker could exploit these issues by crafting a file and enticing an unsuspecting user to open it using a vulnerable application. Failed exploit attempts will result in a denial-of-service condition. The following are vulnerable: RealPlayer SP 1.0.0 through 1.0.1 RealPlayer 11 11.0.0 through 11.0.5 RealPlayer 10.5 6.0.12.1040 through 6.0.12.163, 6.0.12.1675, 6.0.12.1698, and 6.0.12.1741 RealPlayer 10 and 10.1 Helix Player 11.0.0 through 11.0.2. RealPlayer is an online listening tool software that realizes real-time transmission of audio and video through streaming technology on the Internet. ----------------------------------------------------------------------

Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/

TITLE: RealPlayer Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA38218

VERIFY ADVISORY: http://secunia.com/advisories/38218/

DESCRIPTION: Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a vulnerable system.

1) An unspecified error related to the RealPlayer ASM Rulebook can be exploited to cause a heap-based buffer overflow.

2) An unspecified error when processing GIF images can be exploited to cause a heap-based buffer overflow.

3) A vulnerability is caused due to an unspecified error related to HTTP chunk encoding.

4) An unspecified error within the RealPlayer SIPR codec can be exploited to cause a heap-based buffer overflow.

5) An unspecified error when processing compressed GIF images can be exploited to cause a heap-based buffer overflow.

6) An unspecified error within the RealPlayer SMIL parsing can be exploited to cause a heap-based buffer overflow.

7) An unspecified error within the RealPlayer skin parsing can be exploited to cause a stack-based buffer overflow.

8) An unspecified error related to the RealPlayer ASM RuleBook can be exploited to cause an "array overflow".

9) An unspecified boundary error related to RealPlayer RTSP "set_parameter" can be exploited to cause a buffer overflow.

10) Two vulnerabilities are caused due to errors within the processing of Internet Video Recording (IVR) files. Please see the vendor's advisory for details. http://service.real.com/realplayer/security/01192010_player/en/

PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Evgeny Legerov * anonymous persons working with iDEFENSE Labs * John Rambo and anonymous researchers working with TippingPoint's Zero Day Initiative

ORIGINAL ADVISORY: http://service.real.com/realplayer/security/01192010_player/en/

OTHER REFERENCES: SA33810: http://secunia.com/advisories/33810/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-005 January 21, 2010

-- CVE ID: CVE-2009-4241

-- Affected Vendors: RealNetworks

-- Affected Products: RealNetworks RealPlayer

-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 5783.

-- Vendor Response: RealNetworks has issued an update to correct this vulnerability.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201001-0743",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "realplayer sp",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "realnetworks",
        "version": "1.0.1"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "realnetworks",
        "version": "11.0.5"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "realnetworks",
        "version": "11.0.4"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "realnetworks",
        "version": "11.0.3"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "realnetworks",
        "version": "11.0.2"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "realnetworks",
        "version": "11.0.1"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "realnetworks",
        "version": "10.5"
      },
      {
        "model": "realplayer sp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "realnetworks",
        "version": "1.0.0"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "realnetworks",
        "version": "10.0"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "realnetworks",
        "version": "11.0"
      },
      {
        "model": "helix player",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "realnetworks",
        "version": "11.0.0"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "realnetworks",
        "version": "10.1"
      },
      {
        "model": "helix player",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "realnetworks",
        "version": "10.0"
      },
      {
        "model": "realplayer enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "realnetworks",
        "version": "*"
      },
      {
        "model": "helix player",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "realnetworks",
        "version": "11.0.1"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "realnetworks",
        "version": "11.0.0"
      },
      {
        "model": "realnetworks realplayer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "real",
        "version": "(enterprise)"
      },
      {
        "model": "realnetworks realplayer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "real",
        "version": "10"
      },
      {
        "model": "realnetworks realplayer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "real",
        "version": "10.5"
      },
      {
        "model": "realnetworks realplayer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "real",
        "version": "11"
      },
      {
        "model": "realnetworks realplayer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "real",
        "version": "sp 1.0.0"
      },
      {
        "model": "realnetworks realplayer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "real",
        "version": "sp 1.0.1"
      },
      {
        "model": "realplayer",
        "scope": null,
        "trust": 0.7,
        "vendor": "realnetworks",
        "version": null
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux desktop version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "realplayer sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1.0"
      },
      {
        "model": "realplayer enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1.7"
      },
      {
        "model": "realplayer enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1.6"
      },
      {
        "model": "realplayer enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1.5"
      },
      {
        "model": "realplayer enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1.2"
      },
      {
        "model": "realplayer enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1.1"
      },
      {
        "model": "realplayer enterprise",
        "scope": null,
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": null
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.331"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.503"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.481"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.412"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.396"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.352"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.325"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.0.305"
      },
      {
        "model": "realplayer for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.1.3114"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.9"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.8"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.7"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.6"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.5"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.4"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.3"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.2"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "1010.0.1"
      },
      {
        "model": "realplayer for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1741"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1698"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1675"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1663"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1483"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1348"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1235"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1069"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1059"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1056"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1053"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "10.5v6.0.12.1040"
      },
      {
        "model": "realplayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "realnetworks",
        "version": "11"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-005"
      },
      {
        "db": "BID",
        "id": "37880"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-258"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4241"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:realnetworks:realplayer",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001044"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Evgeny Legerov, anonymous researchers working with iDEFENSE Labs, John Rambo, Peter Vreugdenhil working with TippingPoint\u0027s Zero Day Initiative, and anonymous researchers working with TippingPoint\u0027s Zero Day Initiative",
    "sources": [
      {
        "db": "BID",
        "id": "37880"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-258"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2009-4241",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2009-4241",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2009-4241",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-41687",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-4241",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-4241",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2009-4241",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201001-258",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-41687",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-005"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41687"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-258"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4241"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption. This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site.The specific flaw exists during the parsing of files with improperly defined ASMRuleBook structures. A controllable memory allocation allows for an attacker to corrupt heap  memory. Attacker controlled data from the corrupt heap is later used as an object pointer which can be leveraged to execute arbitrary code in the context of the currently logged in user. \nA remote attacker could exploit these issues by crafting a file and enticing an unsuspecting user to open it using a vulnerable application. Failed exploit attempts will result in a denial-of-service condition. \nThe following are vulnerable:\nRealPlayer SP 1.0.0 through 1.0.1\nRealPlayer 11 11.0.0 through 11.0.5\nRealPlayer 10.5 6.0.12.1040 through 6.0.12.163, 6.0.12.1675, 6.0.12.1698, and 6.0.12.1741\nRealPlayer 10 and 10.1\nHelix Player 11.0.0 through 11.0.2. RealPlayer is an online listening tool software that realizes real-time transmission of audio and video through streaming technology on the Internet. ----------------------------------------------------------------------\n\n\n\nSecunia integrated with Microsoft WSUS \nhttp://secunia.com/blog/71/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nRealPlayer Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA38218\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38218/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in RealPlayer, which can be\nexploited by malicious people to compromise a vulnerable system. \n\n1) An unspecified error related to the RealPlayer ASM Rulebook can be\nexploited to cause a heap-based buffer overflow. \n\n2) An unspecified error when processing GIF images can be exploited\nto cause a heap-based buffer overflow. \n\n3) A vulnerability is caused due to an unspecified error related to\nHTTP chunk encoding. \n\n4) An unspecified error within the RealPlayer SIPR codec can be\nexploited to cause a heap-based buffer overflow. \n\n5) An unspecified error when processing compressed GIF images can be\nexploited to cause a heap-based buffer overflow. \n\n6) An unspecified error within the RealPlayer SMIL parsing can be\nexploited to cause a heap-based buffer overflow. \n\n7) An unspecified error within the RealPlayer skin parsing can be\nexploited to cause a stack-based buffer overflow. \n\n8) An unspecified error related to the RealPlayer ASM RuleBook can be\nexploited to cause an \"array overflow\". \n\n9) An unspecified boundary error related to RealPlayer RTSP\n\"set_parameter\" can be exploited to cause a buffer overflow. \n\n10) Two vulnerabilities are caused due to errors within the\nprocessing of Internet Video Recording (IVR) files. Please see the vendor\u0027s advisory for\ndetails. \nhttp://service.real.com/realplayer/security/01192010_player/en/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n* Evgeny Legerov\n* anonymous persons working with iDEFENSE Labs\n* John Rambo and anonymous researchers working with TippingPoint\u0027s\nZero Day Initiative\n\nORIGINAL ADVISORY:\nhttp://service.real.com/realplayer/security/01192010_player/en/\n\nOTHER REFERENCES:\nSA33810:\nhttp://secunia.com/advisories/33810/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-005\nJanuary 21, 2010\n\n-- CVE ID:\nCVE-2009-4241\n\n-- Affected Vendors:\nRealNetworks\n\n-- Affected Products:\nRealNetworks RealPlayer\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 5783. \n\n-- Vendor Response:\nRealNetworks has issued an update to correct this vulnerability. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n    http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n    http://www.zerodayinitiative.com/advisories/disclosure_policy/",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-4241"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001044"
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-005"
      },
      {
        "db": "BID",
        "id": "37880"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41687"
      },
      {
        "db": "PACKETSTORM",
        "id": "85439"
      },
      {
        "db": "PACKETSTORM",
        "id": "85499"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-41687",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41687"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-4241",
        "trust": 3.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-005",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "37880",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "38218",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1023489",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0178",
        "trust": 2.5
      },
      {
        "db": "XF",
        "id": "55794",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001044",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-252",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-258",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20100121 ZDI-10-005: REALNETWORKS REALPLAYER ASMRULEBOOK REMOTE CODE EXECUTION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-010",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-008",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-006",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-007",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "85499",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-41687",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "85439",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-005"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41687"
      },
      {
        "db": "BID",
        "id": "37880"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001044"
      },
      {
        "db": "PACKETSTORM",
        "id": "85439"
      },
      {
        "db": "PACKETSTORM",
        "id": "85499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-258"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4241"
      }
    ]
  },
  "id": "VAR-201001-0743",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41687"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:47:35.445000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Releases Update to Address Security Vulnerabilities",
        "trust": 0.8,
        "url": "http://service.real.com/realplayer/security/01192010_player/en"
      },
      {
        "title": "\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\u306b\u5bfe\u5fdc\u3059\u308b\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u30ea\u30ea\u30fc\u30b9",
        "trust": 0.8,
        "url": "http://service.real.com/realplayer/security/01192010_player/ja/"
      },
      {
        "title": "RealPlayer11GOLD",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5474"
      },
      {
        "title": "RealPlayer11GOLD",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5473"
      },
      {
        "title": "RealPlayerSP",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5472"
      },
      {
        "title": "RealPlayerSPGold",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5471"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-258"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41687"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001044"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4241"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/37880"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1023489"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/38218"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2010/0178"
      },
      {
        "trust": 2.2,
        "url": "http://service.real.com/realplayer/security/01192010_player/en/"
      },
      {
        "trust": 2.0,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-005/"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/55794"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4241"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4241"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/509100/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sun.com/security/entry/cve_2009_4247_buffer_overflow"
      },
      {
        "trust": 0.3,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=839"
      },
      {
        "trust": 0.3,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=837"
      },
      {
        "trust": 0.3,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=838"
      },
      {
        "trust": 0.3,
        "url": "http://www.realnetworks.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-006/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-007/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-008/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-010/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509286"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509293"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509288"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509100"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509096"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509105"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509098"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/509104"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/38218/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/blog/71/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/33810/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-005"
      },
      {
        "trust": 0.1,
        "url": "http://www.tippingpoint.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4241"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41687"
      },
      {
        "db": "BID",
        "id": "37880"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001044"
      },
      {
        "db": "PACKETSTORM",
        "id": "85439"
      },
      {
        "db": "PACKETSTORM",
        "id": "85499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-258"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4241"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-10-005"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41687"
      },
      {
        "db": "BID",
        "id": "37880"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001044"
      },
      {
        "db": "PACKETSTORM",
        "id": "85439"
      },
      {
        "db": "PACKETSTORM",
        "id": "85499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-258"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4241"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-01-21T00:00:00",
        "db": "ZDI",
        "id": "ZDI-10-005"
      },
      {
        "date": "2010-01-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-41687"
      },
      {
        "date": "2010-01-20T00:00:00",
        "db": "BID",
        "id": "37880"
      },
      {
        "date": "2010-02-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001044"
      },
      {
        "date": "2010-01-20T16:00:34",
        "db": "PACKETSTORM",
        "id": "85439"
      },
      {
        "date": "2010-01-22T06:34:17",
        "db": "PACKETSTORM",
        "id": "85499"
      },
      {
        "date": "2010-01-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201001-258"
      },
      {
        "date": "2010-01-25T19:30:00.980000",
        "db": "NVD",
        "id": "CVE-2009-4241"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-15T00:00:00",
        "db": "ZDI",
        "id": "ZDI-10-005"
      },
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-41687"
      },
      {
        "date": "2010-07-13T20:27:00",
        "db": "BID",
        "id": "37880"
      },
      {
        "date": "2010-02-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001044"
      },
      {
        "date": "2010-01-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201001-258"
      },
      {
        "date": "2024-11-21T01:09:13.803000",
        "db": "NVD",
        "id": "CVE-2009-4241"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "85499"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-258"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Realnetworks RealPlayer Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001044"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201001-258"
      }
    ],
    "trust": 0.6
  }
}

ghsa-m24p-rj9w-p9gr

Vulnerability from github

Published

2022-05-02 03:53

Modified

2022-05-02 03:53

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-4241"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-01-25T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.",
  "id": "GHSA-m24p-rj9w-p9gr",
  "modified": "2022-05-02T03:53:06Z",
  "published": "2022-05-02T03:53:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4241"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38218"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023489"
    },
    {
      "type": "WEB",
      "url": "http://service.real.com/realplayer/security/01192010_player/en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37880"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0178"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2009-4241

Vulnerability from fkie_nvd

Published

2010-01-25 19:30

Modified

2024-11-21 01:09

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/38218	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1023489
cve@mitre.org	http://service.real.com/realplayer/security/01192010_player/en/	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/509100/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/37880
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0178	Patch, Vendor Advisory
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-10-005/	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/55794
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38218	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023489
af854a3a-2127-422b-91ae-364da2661108	http://service.real.com/realplayer/security/01192010_player/en/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/509100/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37880
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0178	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-10-005/	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/55794

Impacted products

Vendor	Product	Version
realnetworks	realplayer	10.0
realnetworks	realplayer	10.5
realnetworks	realplayer	11.0
realnetworks	realplayer	11.0.1
realnetworks	realplayer	11.0.2
realnetworks	realplayer	11.0.3
realnetworks	realplayer	11.0.4
realnetworks	realplayer	11.0.5
realnetworks	realplayer_enterprise	*
realnetworks	realplayer_sp	1.0.0
realnetworks	realplayer_sp	1.0.1
microsoft	windows	*
realnetworks	realplayer	10.0
realnetworks	realplayer	10.1
realnetworks	realplayer	11.0
realnetworks	realplayer	11.0.1
apple	mac_os_x	*
realnetworks	helix_player	10.0
realnetworks	helix_player	11.0.0
realnetworks	helix_player	11.0.1
realnetworks	realplayer	10.0
realnetworks	realplayer	11.0.0
realnetworks	realplayer	11.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*",
              "matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica  en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x,permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero con una estructura ASMRuleBook que provoca una error de memoria din\u00e1mica."
    }
  ],
  "evaluatorComment": "Specific affected release information can be found from RealNetworks at:\r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/",
  "id": "CVE-2009-4241",
  "lastModified": "2024-11-21T01:09:13.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-01-25T19:30:00.980",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38218"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1023489"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/realplayer/security/01192010_player/en/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37880"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0178"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/realplayer/security/01192010_player/en/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2009-4241

Vulnerability from cvelistv5

gsd-2009-4241

Vulnerability from gsd

var-201001-0743

Vulnerability from variot

ghsa-m24p-rj9w-p9gr

Vulnerability from github

fkie_cve-2009-4241

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature