CVE-2010-2579
First published: Tue Dec 14 2010(Updated: )
The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory access" via unknown vectors.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RealPlayer | =11.0 | |
| RealPlayer | =11.0.4 | |
| RealPlayer | =11.0.2 | |
| RealPlayer | =11.0.3 | |
| RealPlayer | =11.0.5 | |
| RealPlayer | =11.1 | |
| RealPlayer | =11.0.1 | |
| RealNetworks RealPlayer SP | =1.0.1 | |
| RealNetworks RealPlayer SP | =1.1.3 | |
| RealNetworks RealPlayer SP | =1.0.0 | |
| RealNetworks RealPlayer SP | =1.0.2 | |
| RealNetworks RealPlayer SP | =1.1 | |
| RealNetworks RealPlayer SP | =1.1.2 | |
| RealNetworks RealPlayer SP | =1.1.4 | |
| RealNetworks RealPlayer SP | =1.1.1 | |
| RealNetworks RealPlayer SP | =1.0.5 | |
| RealPlayer | =1.0.0 | |
| RealPlayer | =1.0.1 | |
| RealPlayer | =1.0.2 | |
| RealPlayer | =1.0.5 | |
| RealPlayer | =1.1 | |
| RealPlayer | =1.1.1 | |
| RealPlayer | =1.1.2 | |
| RealPlayer | =1.1.3 | |
| RealPlayer | =1.1.4 | |
| Apple iOS and macOS | ||
| RealPlayer | =11.0.2.1744 | |
| Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-2579?
CVE-2010-2579 has been classified with high severity due to the potential for arbitrary memory access leading to exploitation.
How do I fix CVE-2010-2579?
The recommended fix for CVE-2010-2579 is to update to the patched versions of RealPlayer that address this vulnerability.
Which versions of RealPlayer are affected by CVE-2010-2579?
CVE-2010-2579 affects RealPlayer versions from 11.0 through 11.1, including various SP versions.
Can CVE-2010-2579 lead to remote code execution?
Yes, CVE-2010-2579 can enable remote code execution if successfully exploited.
Is there a workaround for CVE-2010-2579 while waiting for a patch?
There are currently no recommended workarounds for CVE-2010-2579, and updating to the latest version is advised.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/realnetworks
- canonical/realplayer
- version/realplayer/11.0
- version/realplayer/11.0.4
- version/realplayer/11.0.2
- version/realplayer/11.0.3
- version/realplayer/11.0.5
- version/realplayer/11.1
- version/realplayer/11.0.1
- canonical/realnetworks realplayer sp
- version/realnetworks realplayer sp/1.0.1
- version/realnetworks realplayer sp/1.1.3
- version/realnetworks realplayer sp/1.0.0
- version/realnetworks realplayer sp/1.0.2
- version/realnetworks realplayer sp/1.1
- version/realnetworks realplayer sp/1.1.2
- version/realnetworks realplayer sp/1.1.4
- version/realnetworks realplayer sp/1.1.1
- version/realnetworks realplayer sp/1.0.5
- version/realplayer/1.0.0
- version/realplayer/1.0.1
- version/realplayer/1.0.2
- version/realplayer/1.0.5
- version/realplayer/1.1
- version/realplayer/1.1.1
- version/realplayer/1.1.2
- version/realplayer/1.1.3
- version/realplayer/1.1.4
- vendor/apple
- canonical/apple ios and macos
- version/realplayer/11.0.2.1744
- vendor/linux
- canonical/linux kernel