CVE-2010-4376
RealNetworks RealPlayer RTSP GIF Parsing Remote Code Execution Vulnerability
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.
Desbordamiento de búfer basado en montículo en RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.1.1, Mac RealPlayer v11.0 a v11.1 y Linux RealPlayer v11.0.2.1744 permite a atacantes remotos ejecutar código arbitrario a través de un valor de Ancho de pantalla demasiado alto en la cabecera "Screen Descriptor" de un fichero GIF87a en un stream RTSP.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious media file.
The specific flaw exists in the parsing of GIF87a files over the streaming protocol RTSP. When specifying a large Screen Width size in the Screen Descriptor header a calculation on the destination heap chunks size is improperly checked for overflow. This leads to a smaller buffer being allocated and subsequently a heap overflow when processing the received data. Exploitation of this vulnerability can lead to system compromise under the credentials of the currently logged in user.
*Credits:
Anonymous
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-12-02 CVE Reserved
- 2010-12-10 CVE Published
- 2024-08-06 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/45411 | Vdb Entry | |
| http://www.securitytracker.com/id?1024861 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-10-271 | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://service.real.com/realplayer/security/12102010_player/en | 2011-01-19 | |
| https://access.redhat.com/security/cve/CVE-2010-4376 | 2010-02-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=662772 | 2010-02-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0 Search vendor "Realnetworks" for product "Realplayer" and version "11.0" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.1 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.1" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.2 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.2" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.3 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.3" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.4 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.5 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.5" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.1 Search vendor "Realnetworks" for product "Realplayer" and version "11.1" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.2.1744 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.2.1744" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0 Search vendor "Realnetworks" for product "Realplayer" and version "11.0" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.1 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.2 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.2" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.3 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.3" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.4 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.4" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.5 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.5" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.1 Search vendor "Realnetworks" for product "Realplayer" and version "11.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.0.0 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.0.0" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.0.1 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.0.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.0.2 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.0.2" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.0.5 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.0.5" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.1 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.1.1 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.1.1" | - |
Affected
| ||||||