cbcvebase.
CVE-2009-4244
published 2010-01-25

CVE-2009-4244: Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer…

PriorityP351critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
7.26%
93.6th percentile
Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.

Affected

15 ranges
VendorProductVersion rangeFixed in
realnetworkshelix_player
realnetworkshelix_player
realnetworkshelix_player
realnetworksrealplayer
realnetworksrealplayer
realnetworksrealplayer
realnetworksrealplayer
realnetworksrealplayer
realnetworksrealplayer
realnetworksrealplayer
realnetworksrealplayer
realnetworksrealplayer
realnetworksrealplayer
realnetworksrealplayer_sp
realnetworksrealplayer_sp

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.