CVE-2009-4241
published 2010-01-25CVE-2009-4241: Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer…
PriorityP347critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
7.06%
93.4th percentile
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | helix_player | — | — |
| realnetworks | helix_player | — | — |
| realnetworks | helix_player | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer_sp | — | — |
| realnetworks | realplayer_sp | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
RealPlayer: multiple security issues (01192010_player)
vendor_redhat·2010-01-19·CVSS 9.3
CVE-2009-4241 [CRITICAL] RealPlayer: multiple security issues (01192010_player)
RealPlayer: multiple security issues (01192010_player)
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.
VulDB
RealNetworks RealPlayer up to 11.0.5 memory corruption (Nessus ID 44119 / ID 116821)
vuldb·2026-04-29·CVSS 9.3
CVE-2009-4241 [CRITICAL] RealNetworks RealPlayer up to 11.0.5 memory corruption (Nessus ID 44119 / ID 116821)
A vulnerability classified as critical has been found in RealNetworks RealPlayer up to 11.0.5. This vulnerability affects unknown code. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2009-4241. It is possible to initiate the attack remotely. There is no exploit available.
GHSA
GHSA-m24p-rj9w-p9gr: Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10
ghsa_unreviewed·2022-05-02
CVE-2009-4241 [HIGH] CWE-119 GHSA-m24p-rj9w-p9gr: Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.
No detection rules found.
No public exploits indexed.
http://secunia.com/advisories/38218http://securitytracker.com/id?1023489http://service.real.com/realplayer/security/01192010_player/en/http://www.securityfocus.com/archive/1/509100/100/0/threadedhttp://www.securityfocus.com/bid/37880http://www.vupen.com/english/advisories/2010/0178http://www.zerodayinitiative.com/advisories/ZDI-10-005/https://exchange.xforce.ibmcloud.com/vulnerabilities/55794http://secunia.com/advisories/38218http://securitytracker.com/id?1023489http://service.real.com/realplayer/security/01192010_player/en/http://www.securityfocus.com/archive/1/509100/100/0/threadedhttp://www.securityfocus.com/bid/37880http://www.vupen.com/english/advisories/2010/0178http://www.zerodayinitiative.com/advisories/ZDI-10-005/https://exchange.xforce.ibmcloud.com/vulnerabilities/55794
2010-01-25
Published