CVE-2009-4243: Buffer Overflow
First published: Mon Jan 25 2010(Updated: )
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RealPlayer | =11.0.1 | |
| RealNetworks Helix Player Linux | =11.0.1 | |
| RealPlayer | =10.0 | |
| RealNetworks Helix Player Linux | =11.0.0 | |
| RealNetworks Helix Player Linux | =10.0 | |
| RealPlayer | =11.0.0 | |
| RealPlayer | =10.0 | |
| RealPlayer | =10.5 | |
| RealPlayer | =11.0 | |
| RealPlayer | =11.0.1 | |
| RealPlayer | =11.0.2 | |
| RealPlayer | =11.0.3 | |
| RealPlayer | =11.0.4 | |
| RealPlayer | =11.0.5 | |
| RealPlayer | ||
| RealPlayer | =1.0.0 | |
| RealPlayer | =1.0.1 | |
| Microsoft Windows Operating System | ||
| RealPlayer | =10.1 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/61967
- http://secunia.com/advisories/38218
- http://securitytracker.com/id?1023489
- http://service.real.com/realplayer/security/01192010_player/en/
- http://www.securityfocus.com/bid/37880
- http://www.vupen.com/english/advisories/2010/0178
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55796
Frequently Asked Questions
What is the severity of CVE-2009-4243?
CVE-2009-4243 has been classified as a vulnerability allowing remote attackers to exploit crafted media files.
How do I fix CVE-2009-4243?
To fix CVE-2009-4243, update RealPlayer to the latest available version provided by RealNetworks.
Which versions of RealPlayer are affected by CVE-2009-4243?
CVE-2009-4243 affects RealPlayer versions 10, 10.5, 11.0.0 through 11.0.4, and certain versions of Helix Player.
What types of attacks can result from CVE-2009-4243?
CVE-2009-4243 may allow remote attackers to execute arbitrary code through crafted media files.
Is CVE-2009-4243 relevant for macOS and Windows users?
CVE-2009-4243 specifically affects Linux and certain versions of RealPlayer but does not impact macOS and Windows systems.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/realnetworks
- canonical/realplayer
- version/realplayer/11.0.1
- canonical/realnetworks helix player linux
- version/realnetworks helix player linux/11.0.1
- version/realplayer/10.0
- version/realnetworks helix player linux/11.0.0
- version/realnetworks helix player linux/10.0
- version/realplayer/11.0.0
- version/realplayer/10.5
- version/realplayer/11.0
- version/realplayer/11.0.2
- version/realplayer/11.0.3
- version/realplayer/11.0.4
- version/realplayer/11.0.5
- version/realplayer/1.0.0
- version/realplayer/1.0.1
- vendor/microsoft
- canonical/microsoft windows operating system
- version/realplayer/10.1
- vendor/apple
- canonical/apple ios and macos