CVE-2010-4393

Published: Jan 31, 2011Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an AVI file.

Affected (14)

Products: Realnetworks: Realplayer, Realplayer Sp

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Realplayer	Version 11.0
Realnetworks Realplayer	Version 11.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Realplayer	Version 14.0.0
Realnetworks Realplayer	Version 14.0.1

Configuration C

10 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Realplayer Sp	Version 1.0.0
Realnetworks Realplayer Sp	Version 1.0.1
Realnetworks Realplayer Sp	Version 1.0.2
Realnetworks Realplayer Sp	Version 1.0.5
Realnetworks Realplayer Sp	Version 1.1.1
Realnetworks Realplayer Sp	Version 1.1.2
Realnetworks Realplayer Sp	Version 1.1.3
Realnetworks Realplayer Sp	Version 1.1.4
Realnetworks Realplayer Sp	Version 1.1.5
Realnetworks Realplayer Sp	Version 1.1

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (16)

http://osvdb.org/70682

Source: cve@mitre.org

http://secunia.com/advisories/43098

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1024998

Source: cve@mitre.org

http://service.real.com/realplayer/security/01272011_player/en/

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/46047

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0240

Source: cve@mitre.org

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-11-033/

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/64960

Source: cve@mitre.org

http://osvdb.org/70682

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43098

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1024998

Source: af854a3a-2127-422b-91ae-364da2661108

http://service.real.com/realplayer/security/01272011_player/en/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/46047

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0240

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-11-033/

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/64960

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.