CVE-2011-4258
published 2011-11-24CVE-2011-4258: RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.
PriorityP346critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
3.70%
88.4th percentile
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | realplayer | <= 14.0.7 | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [mrg-1.3]
bugzilla·2010-12-03·CVSS 6.2
CVE-2010-4258 [MEDIUM] CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [mrg-1.3]
CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [mrg-1.3]
Verified by code review.
Found bz659574_CVE-2010-4258-do_exit-check-is-run-with-get_fs-USER_DS.patch applied to kernel-rt-2.6.33.7-rt29.52.src.rpm, from upstream commit 33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2011-0330.html
Bugzilla
CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-5.6]
bugzilla·2010-12-03·CVSS 6.2
CVE-2010-4258 [MEDIUM] CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-5.6]
CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-5.6]
Confirmed that patch has been added to latest kernel-2.6.18-238.el5.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2011-0017.html
Bugzilla
CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-4.8.z]
bugzilla·2010-12-03·CVSS 6.2
CVE-2010-4258 [MEDIUM] CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-4.8.z]
CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-4.8.z]
A patch addressing this issue has been included in kernel 2.6.9-89.34.1.EL.
Discussion:
Reproduced in 2.6.9-89.33.EL and -89.34.EL. Verified in 2.6.9-89.34.1.EL.
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2011-0162.html
2011-11-24
Published