CVE-2010-0416
Published: 2010-02-18
Priority: P343 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 11.32% (95.4th percentile)
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | helix_player | — | — |
CVSS provenance
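| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |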
VulDB
RealNetworks RealPlayer 1.0.6 Unescape memory corruption (EDB-33620 / Nessus ID 44428)
vuldb·2026-05-01·CVSS 7.5
CVE-2010-0416 [HIGH] RealNetworks RealPlayer 1.0.6 Unescape memory corruption (EDB-33620 / Nessus ID 44428)
A vulnerability was found in RealNetworks RealPlayer 1.0.6. It has been rated as critical. This issue affects the function Unescape. Performing a manipulation results in memory corruption.
This vulnerability is identified as CVE-2010-0416. The attack can be initiated remotely. Additionally, an exploit exists.
GHSA
GHSA-mcf9-pq3p-q6q8: Buffer overflow in the Unescape function in common/util/hxurl
ghsa_unreviewed·2022-05-02
CVE-2010-0416 [HIGH] CWE-119 GHSA-mcf9-pq3p-q6q8: Buffer overflow in the Unescape function in common/util/hxurl
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
Red Hat
RealPlayer: URL unescape buffer overflow
vendor_redhat·2010-01-19·CVSS 7.5
CVE-2010-0416 [HIGH] RealPlayer: URL unescape buffer overflow
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
No detection rules found.
http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html
http://secunia.com/advisories/38450
http://www.redhat.com/support/errata/RHSA-2010-0094.html
https://bugzilla.redhat.com/show_bug.cgi?id=561856
https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847