CVE-2010-4397
RealNetworks RealPlayer AAC TIT2 Atom Integer Overflow Remote Code Execution Vulnerability
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted TIT2 atom in an AAC file.
Desbordamiento de entero en el módulo pnen3260.dll en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.1, Mac RealPlayer v11.0 hasta 11.1, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos ejecutar código de su elección a través de un atom TIT2 manipulado en un archivo AAC.
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists in RealPlayer's pnen3260.dll module while parsing the TIT2 atom within AAC files. The code within this module does not account for a negative size during an allocation and later uses the value as unsigned within a copy loop. Exploitation of this vulnerability allows an attacker to execute arbitrary code under the context of the user opening the AAC file.
*Credits:
Anonymous
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-12-02 CVE Reserved
- 2010-12-10 CVE Published
- 2024-08-06 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/69856 | Vdb Entry | |
| http://www.securitytracker.com/id?1024861 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-10-269 | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://service.real.com/realplayer/security/12102010_player/en | 2011-01-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0 Search vendor "Realnetworks" for product "Realplayer" and version "11.0" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.1 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.1" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.2 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.2" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.3 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.3" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.4 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.5 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.5" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.1 Search vendor "Realnetworks" for product "Realplayer" and version "11.1" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.2.1744 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.2.1744" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | * | - |
Safe
|
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0 Search vendor "Realnetworks" for product "Realplayer" and version "11.0" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.1 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.2 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.2" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.3 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.3" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.4 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.4" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.5 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.5" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.1 Search vendor "Realnetworks" for product "Realplayer" and version "11.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.0.0 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.0.0" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.0.1 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.0.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.0.2 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.0.2" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.0.5 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.0.5" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.1 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.1.1 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.1.1" | - |
Affected
| ||||||