CVE-2009-4257
published 2010-01-25CVE-2009-4257: Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741…
PriorityP351critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
8.52%
94.4th percentile
Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | helix_player | — | — |
| realnetworks | helix_player | — | — |
| realnetworks | helix_player | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer_sp | — | — |
| realnetworks | realplayer_sp | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
RealPlayer: SMIL getAtom heap buffer overflow
vendor_redhat·2008-09-16·CVSS 9.3
CVE-2009-4257 [CRITICAL] CWE-122 RealPlayer: SMIL getAtom heap buffer overflow
RealPlayer: SMIL getAtom heap buffer overflow
Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.
GHSA
GHSA-3gv9-4xxv-89c6: Heap-based buffer overflow in datatype/smil/common/smlpkt
ghsa_unreviewed·2022-05-02
CVE-2009-4257 [HIGH] CWE-119 GHSA-3gv9-4xxv-89c6: Heap-based buffer overflow in datatype/smil/common/smlpkt
Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-4257 HelixPlayer / RealPlayer: SMIL getAtom heap buffer overflow
bugzilla·2010-02-03·CVSS 9.3
CVE-2009-4257 [CRITICAL] CVE-2009-4257 HelixPlayer / RealPlayer: SMIL getAtom heap buffer overflow
CVE-2009-4257 HelixPlayer / RealPlayer: SMIL getAtom heap buffer overflow
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-4257 to the following vulnerability:
Heap-based buffer overflow in smlrender.dll in RealNetworks RealPlayer 10,
RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through
11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10
and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute
arbitrary code via an SMIL file with crafted string lengths.
References:
http://service.real.com/realplayer/security/01192010_player/en/
http://www.zerodayinitiative.com/advisories/ZDI-10-007/
http://www.securityfocus.com/archive/1/509105/100/0/threaded
http://xforce.iss.net/xforce/xfdb/55798
Discussio
Bugzilla
HelixPlayer / RealPlayer: multiple security issues (01192010_player)
bugzilla·2010-01-29·CVSS 9.3
[CRITICAL] HelixPlayer / RealPlayer: multiple security issues (01192010_player)
HelixPlayer / RealPlayer: multiple security issues (01192010_player)
RealNetworks has published a security advisory mentioning 11 security issues affecting various RealPlayer / HelixPlayer versions:
http://service.real.com/realplayer/security/01192010_player/en/
Upstream advisory does not specify which issues should be applicable to HelixPlayer 1.0.x versions (Affected? By various).
Some of the issues are covered by 3rd party advisories (e.g. ZDI) listed below.
Vulnerability 1:
The identified vulnerability is a RealPlayer ASM Rulebook heap-based buffer overflow: CVE-2009-4241
http://www.zerodayinitiative.com/advisories/ZDI-10-005/
Vulnerability 2:
The identified vulnerability is a RealPlayer GIF file Heap Overflow: CVE-2009-4242
http://www.zerodayinitiative.com/advisories/ZDI-10-006/
http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008678.htmlhttp://secunia.com/advisories/38218http://secunia.com/advisories/38450http://securitytracker.com/id?1023489http://service.real.com/realplayer/security/01192010_player/en/http://www.redhat.com/support/errata/RHSA-2010-0094.htmlhttp://www.securityfocus.com/archive/1/509105/100/0/threadedhttp://www.securityfocus.com/bid/37880http://www.vupen.com/english/advisories/2010/0178http://www.zerodayinitiative.com/advisories/ZDI-10-007/https://bugzilla.redhat.com/show_bug.cgi?id=561309https://exchange.xforce.ibmcloud.com/vulnerabilities/55798https://helixcommunity.org/viewcvs/datatype/smil/common/smlpkt.cpp?view=log#rev1.12https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11110http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008678.htmlhttp://secunia.com/advisories/38218http://secunia.com/advisories/38450http://securitytracker.com/id?1023489http://service.real.com/realplayer/security/01192010_player/en/http://www.redhat.com/support/errata/RHSA-2010-0094.htmlhttp://www.securityfocus.com/archive/1/509105/100/0/threadedhttp://www.securityfocus.com/bid/37880http://www.vupen.com/english/advisories/2010/0178http://www.zerodayinitiative.com/advisories/ZDI-10-007/https://bugzilla.redhat.com/show_bug.cgi?id=561309https://exchange.xforce.ibmcloud.com/vulnerabilities/55798https://helixcommunity.org/viewcvs/datatype/smil/common/smlpkt.cpp?view=log#rev1.12https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11110
2010-01-25
Published