CVE-2009-4246
published 2010-01-25CVE-2009-4246: Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer…
PriorityP347critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
7.36%
93.6th percentile
Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | helix_player | — | — |
| realnetworks | helix_player | — | — |
| realnetworks | helix_player | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer_sp | — | — |
| realnetworks | realplayer_sp | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g48q-45gx-gw95: Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10
ghsa_unreviewed·2022-05-02
CVE-2009-4246 [HIGH] CWE-119 GHSA-g48q-45gx-gw95: Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10
Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.
Red Hat
RealPlayer: multiple security issues (01192010_player)
vendor_redhat·2010-01-19·CVSS 9.3
CVE-2009-4246 [CRITICAL] RealPlayer: multiple security issues (01192010_player)
RealPlayer: multiple security issues (01192010_player)
Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.
No detection rules found.
No public exploits indexed.
http://secunia.com/advisories/38218http://securitytracker.com/id?1023489http://service.real.com/realplayer/security/01192010_player/en/http://www.securityfocus.com/archive/1/509104/100/0/threadedhttp://www.securityfocus.com/bid/37880http://www.vupen.com/english/advisories/2010/0178http://www.zerodayinitiative.com/advisories/ZDI-10-010/https://exchange.xforce.ibmcloud.com/vulnerabilities/55799http://secunia.com/advisories/38218http://securitytracker.com/id?1023489http://service.real.com/realplayer/security/01192010_player/en/http://www.securityfocus.com/archive/1/509104/100/0/threadedhttp://www.securityfocus.com/bid/37880http://www.vupen.com/english/advisories/2010/0178http://www.zerodayinitiative.com/advisories/ZDI-10-010/https://exchange.xforce.ibmcloud.com/vulnerabilities/55799
2010-01-25
Published