CVE-2010-4375

critical

Description

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via malformed multi-rate data in an audio stream.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-266

http://www.securitytracker.com/id?1024861

http://www.redhat.com/support/errata/RHSA-2010-0981.html

http://service.real.com/realplayer/security/12102010_player/en/

Details

Source: Mitre, NVD

Published: 2010-12-14

Updated: 2011-01-26

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical