Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-0375

Опубликовано: 08 фев. 2009
Источник: nvd
CVSS2: 9.3
EPSS Средний

Описание

Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin.

Комментарий

Per http://www.fortiguardcenter.com/advisory/FGA-2009-04.html:

"It should be noted that the victim does not necessarily have to open the malicious file for exploitation to occur: the vulnerabilities lie in a DLL that is also used as a plugin for the Windows Explorer shell. A successful attack could take place by merely previewing the IVR file through Windows Explorer. "

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:realnetworks:realplayer:11:*:*:*:*:*:*:*

EPSS

Процентиль: 94%
0.14318
Средний

9.3 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

redhat логотип

CVE-2009-0375

redhat
около 16 лет назад

Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin.

github логотип

GHSA-x474-4899-v7hv

github
почти 4 года назад

Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin.

EPSS

Процентиль: 94%
0.14318
Средний

9.3 Critical

CVSS2

Дефекты

CWE-94