CVE-2010-0117

critical

Description

RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7169

https://exchange.xforce.ibmcloud.com/vulnerabilities/61421

http://www.vupen.com/english/advisories/2010/2216

http://www.securitytracker.com/id?1024370

http://service.real.com/realplayer/security/08262010_player/en/

http://secunia.com/secunia_research/2010-5/

http://secunia.com/advisories/41154

http://secunia.com/advisories/41096

Details

Source: Mitre, NVD

Published: 2010-08-30

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.05254

Detections

Analytics