CVE-2010-3750

Опубликовано: 19 окт. 2010

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*

EPSS

Процентиль: 81%

0.01516

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-8qp7-fmmq-w5rq

github

больше 3 лет назад