var-201001-0746
Vulnerability from variot
Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an "array overflow.". Realnetworks RealPlayer Is ASM RuleBook There is a vulnerability in the processing of.Skillfully crafted by a third party ASM RuleBook Can cause effects related to array overflow. A remote attacker could exploit these issues by crafting a file and enticing an unsuspecting user to open it using a vulnerable application. Successful exploits will allow the attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following are vulnerable: RealPlayer SP 1.0.0 through 1.0.1 RealPlayer 11 11.0.0 through 11.0.5 RealPlayer 10.5 6.0.12.1040 through 6.0.12.163, 6.0.12.1675, 6.0.12.1698, and 6.0.12.1741 RealPlayer 10 and 10.1 Helix Player 11.0.0 through 11.0.2. RealNetworks RealNetworks RealPlayer is a set of media player products developed by RealNetworks in the United States. The product provides features for downloading/converting videos (in web pages), editing videos, managing media files, and more. ----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/
TITLE: RealPlayer Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA38218
VERIFY ADVISORY: http://secunia.com/advisories/38218/
DESCRIPTION: Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a vulnerable system.
2) An unspecified error when processing GIF images can be exploited to cause a heap-based buffer overflow.
3) A vulnerability is caused due to an unspecified error related to HTTP chunk encoding.
4) An unspecified error within the RealPlayer SIPR codec can be exploited to cause a heap-based buffer overflow.
5) An unspecified error when processing compressed GIF images can be exploited to cause a heap-based buffer overflow.
6) An unspecified error within the RealPlayer SMIL parsing can be exploited to cause a heap-based buffer overflow.
7) An unspecified error within the RealPlayer skin parsing can be exploited to cause a stack-based buffer overflow.
9) An unspecified boundary error related to RealPlayer RTSP "set_parameter" can be exploited to cause a buffer overflow.
10) Two vulnerabilities are caused due to errors within the processing of Internet Video Recording (IVR) files. Please see the vendor's advisory for details. http://service.real.com/realplayer/security/01192010_player/en/
PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Evgeny Legerov * anonymous persons working with iDEFENSE Labs * John Rambo and anonymous researchers working with TippingPoint's Zero Day Initiative
ORIGINAL ADVISORY: http://service.real.com/realplayer/security/01192010_player/en/
OTHER REFERENCES: SA33810: http://secunia.com/advisories/33810/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
For more information: SA38218
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201001-0746",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "realplayer",
"scope": "eq",
"trust": 1.9,
"vendor": "realnetworks",
"version": "11.0.1"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "11.0.0"
},
{
"model": "helix player",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "10.0"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "10.0"
},
{
"model": "helix player",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "11.0.1"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "11.0"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "10.1"
},
{
"model": "helix player",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "11.0.0"
},
{
"model": "realplayer sp",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "1.0.1"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "11.0.5"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "11.0.4"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "11.0.3"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "11.0.2"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "10.5"
},
{
"model": "realplayer sp",
"scope": "eq",
"trust": 1.0,
"vendor": "realnetworks",
"version": "1.0.0"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "realnetworks",
"version": "*"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "(enterprise)"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "10"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "10.5"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "11"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "sp 1.0.0"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "sp 1.0.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "realplayer sp",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.0"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.7"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.6"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.5"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.2"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.1"
},
{
"model": "realplayer enterprise",
"scope": null,
"trust": 0.3,
"vendor": "realnetworks",
"version": null
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.331"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.503"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.481"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.412"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.396"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.352"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.325"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.305"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.1.3114"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.9"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.8"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.7"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.6"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.5"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.4"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.3"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.2"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.1"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1741"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1698"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1675"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1663"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1483"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1348"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1235"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1069"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1059"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1056"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1053"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1040"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "11"
}
],
"sources": [
{
"db": "BID",
"id": "37880"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001053"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-250"
},
{
"db": "NVD",
"id": "CVE-2009-4247"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sun:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:realnetworks:realplayer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001053"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Legerov, anonymous researchers working with iDEFENSE Labs, John Rambo, Peter Vreugdenhil working with TippingPoint\u0027s Zero Day Initiative, and anonymous researchers working with TippingPoint\u0027s Zero Day Initiative",
"sources": [
{
"db": "BID",
"id": "37880"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-250"
}
],
"trust": 0.9
},
"cve": "CVE-2009-4247",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-4247",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-41693",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-4247",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-4247",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201001-250",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-41693",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41693"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001053"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-250"
},
{
"db": "NVD",
"id": "CVE-2009-4247"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an \"array overflow.\". Realnetworks RealPlayer Is ASM RuleBook There is a vulnerability in the processing of.Skillfully crafted by a third party ASM RuleBook Can cause effects related to array overflow. \nA remote attacker could exploit these issues by crafting a file and enticing an unsuspecting user to open it using a vulnerable application. Successful exploits will allow the attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThe following are vulnerable:\nRealPlayer SP 1.0.0 through 1.0.1\nRealPlayer 11 11.0.0 through 11.0.5\nRealPlayer 10.5 6.0.12.1040 through 6.0.12.163, 6.0.12.1675, 6.0.12.1698, and 6.0.12.1741\nRealPlayer 10 and 10.1\nHelix Player 11.0.0 through 11.0.2. RealNetworks RealNetworks RealPlayer is a set of media player products developed by RealNetworks in the United States. The product provides features for downloading/converting videos (in web pages), editing videos, managing media files, and more. ----------------------------------------------------------------------\n\n\n\nSecunia integrated with Microsoft WSUS \nhttp://secunia.com/blog/71/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nRealPlayer Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA38218\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38218/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in RealPlayer, which can be\nexploited by malicious people to compromise a vulnerable system. \n\n2) An unspecified error when processing GIF images can be exploited\nto cause a heap-based buffer overflow. \n\n3) A vulnerability is caused due to an unspecified error related to\nHTTP chunk encoding. \n\n4) An unspecified error within the RealPlayer SIPR codec can be\nexploited to cause a heap-based buffer overflow. \n\n5) An unspecified error when processing compressed GIF images can be\nexploited to cause a heap-based buffer overflow. \n\n6) An unspecified error within the RealPlayer SMIL parsing can be\nexploited to cause a heap-based buffer overflow. \n\n7) An unspecified error within the RealPlayer skin parsing can be\nexploited to cause a stack-based buffer overflow. \n\n9) An unspecified boundary error related to RealPlayer RTSP\n\"set_parameter\" can be exploited to cause a buffer overflow. \n\n10) Two vulnerabilities are caused due to errors within the\nprocessing of Internet Video Recording (IVR) files. Please see the vendor\u0027s advisory for\ndetails. \nhttp://service.real.com/realplayer/security/01192010_player/en/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n* Evgeny Legerov\n* anonymous persons working with iDEFENSE Labs\n* John Rambo and anonymous researchers working with TippingPoint\u0027s\nZero Day Initiative\n\nORIGINAL ADVISORY:\nhttp://service.real.com/realplayer/security/01192010_player/en/\n\nOTHER REFERENCES:\nSA33810:\nhttp://secunia.com/advisories/33810/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nFor more information:\nSA38218\n\nSOLUTION:\nUpdated packages are available via Red Hat Network",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4247"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001053"
},
{
"db": "BID",
"id": "37880"
},
{
"db": "VULHUB",
"id": "VHN-41693"
},
{
"db": "PACKETSTORM",
"id": "85439"
},
{
"db": "PACKETSTORM",
"id": "86184"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "37880",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2009-4247",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "38218",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1023489",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2010-0178",
"trust": 2.5
},
{
"db": "XF",
"id": "55802",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "38450",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001053",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201001-250",
"trust": 0.7
},
{
"db": "REDHAT",
"id": "RHSA-2010:0094",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[PROTOCOL-CVS] 20090828 RTSP RTSPCLNT.CPP,1.244,1.245",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[HELIX-CLIENT-DEV] 20090828 CR: 249097 - SECURITY FIX - URGENT CR REQUESTED",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-10-010",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-10-008",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-10-006",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-10-005",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-10-007",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-41693",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "85439",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "86184",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41693"
},
{
"db": "BID",
"id": "37880"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001053"
},
{
"db": "PACKETSTORM",
"id": "85439"
},
{
"db": "PACKETSTORM",
"id": "86184"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-250"
},
{
"db": "NVD",
"id": "CVE-2009-4247"
}
]
},
"id": "VAR-201001-0746",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41693"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:47:35.684000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Releases Update to Address Security Vulnerabilities",
"trust": 0.8,
"url": "http://service.real.com/realplayer/security/01192010_player/en"
},
{
"title": "\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\u306b\u5bfe\u5fdc\u3059\u308b\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u30ea\u30ea\u30fc\u30b9",
"trust": 0.8,
"url": "http://service.real.com/realplayer/security/01192010_player/ja/"
},
{
"title": "RHSA-2010:0094",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2010-0094.html"
},
{
"title": "cve_2009_4247_buffer_overflow",
"trust": 0.8,
"url": "http://blogs.sun.com/security/entry/cve_2009_4247_buffer_overflow"
},
{
"title": "RealPlayer11GOLD",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5474"
},
{
"title": "RealPlayer11GOLD",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5473"
},
{
"title": "RealPlayerSP",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5472"
},
{
"title": "RealPlayerSPGold",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5471"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001053"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-250"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41693"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001053"
},
{
"db": "NVD",
"id": "CVE-2009-4247"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/37880"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1023489"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/38218"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"trust": 2.1,
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"trust": 1.7,
"url": "https://helixcommunity.org/viewcvs/protocol/rtsp/rtspclnt.cpp?view=log#rev1.245"
},
{
"trust": 1.7,
"url": "http://lists.helixcommunity.org/pipermail/helix-client-dev/2009-august/008092.html"
},
{
"trust": 1.7,
"url": "http://lists.helixcommunity.org/pipermail/protocol-cvs/2009-august/001943.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0094.html"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/55802"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10677"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38450"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55802"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4247"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4247"
},
{
"trust": 0.3,
"url": "http://blogs.sun.com/security/entry/cve_2009_4247_buffer_overflow"
},
{
"trust": 0.3,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=839"
},
{
"trust": 0.3,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=837"
},
{
"trust": 0.3,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=838"
},
{
"trust": 0.3,
"url": "http://www.realnetworks.com/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-005/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-006/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-007/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-008/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-010/"
},
{
"trust": 0.3,
"url": "/archive/1/509286"
},
{
"trust": 0.3,
"url": "/archive/1/509293"
},
{
"trust": 0.3,
"url": "/archive/1/509288"
},
{
"trust": 0.3,
"url": "/archive/1/509100"
},
{
"trust": 0.3,
"url": "/archive/1/509096"
},
{
"trust": 0.3,
"url": "/archive/1/509105"
},
{
"trust": 0.3,
"url": "/archive/1/509098"
},
{
"trust": 0.3,
"url": "/archive/1/509104"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/38218/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/71/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/33810/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/38450/"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2010-0094.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41693"
},
{
"db": "BID",
"id": "37880"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001053"
},
{
"db": "PACKETSTORM",
"id": "85439"
},
{
"db": "PACKETSTORM",
"id": "86184"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-250"
},
{
"db": "NVD",
"id": "CVE-2009-4247"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-41693"
},
{
"db": "BID",
"id": "37880"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001053"
},
{
"db": "PACKETSTORM",
"id": "85439"
},
{
"db": "PACKETSTORM",
"id": "86184"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-250"
},
{
"db": "NVD",
"id": "CVE-2009-4247"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-01-25T00:00:00",
"db": "VULHUB",
"id": "VHN-41693"
},
{
"date": "2010-01-20T00:00:00",
"db": "BID",
"id": "37880"
},
{
"date": "2010-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001053"
},
{
"date": "2010-01-20T16:00:34",
"db": "PACKETSTORM",
"id": "85439"
},
{
"date": "2010-02-11T10:10:16",
"db": "PACKETSTORM",
"id": "86184"
},
{
"date": "2010-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-250"
},
{
"date": "2010-01-25T19:30:01.510000",
"db": "NVD",
"id": "CVE-2009-4247"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-41693"
},
{
"date": "2010-07-13T20:27:00",
"db": "BID",
"id": "37880"
},
{
"date": "2010-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001053"
},
{
"date": "2011-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-250"
},
{
"date": "2024-11-21T01:09:14.620000",
"db": "NVD",
"id": "CVE-2009-4247"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-250"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Realnetworks RealPlayer In ASM RuleBook Processing vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001053"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-250"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.