CVE-2010-4389: Buffer Overflow
First published: Tue Dec 14 2010(Updated: )
Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RealPlayer | =11.0 | |
| RealPlayer | =11.0.4 | |
| RealPlayer | =11.0.2 | |
| RealPlayer | =11.0.3 | |
| RealPlayer | =11.0.5 | |
| RealPlayer | =11.1 | |
| RealPlayer | =11.0.1 | |
| RealNetworks RealPlayer SP | =1.0.1 | |
| RealNetworks RealPlayer SP | =1.1.5 | |
| RealNetworks RealPlayer SP | =1.1.3 | |
| RealNetworks RealPlayer SP | =1.0.0 | |
| RealNetworks RealPlayer SP | =1.0.2 | |
| RealNetworks RealPlayer SP | =1.1 | |
| RealNetworks RealPlayer SP | =1.1.2 | |
| RealNetworks RealPlayer SP | =1.1.4 | |
| RealNetworks RealPlayer SP | =1.1.1 | |
| RealNetworks RealPlayer SP | =1.0.5 | |
| RealPlayer | =1.0.0 | |
| RealPlayer | =1.0.1 | |
| RealPlayer | =1.0.2 | |
| RealPlayer | =1.0.5 | |
| RealPlayer | =1.1 | |
| RealPlayer | =1.1.1 | |
| RealPlayer | =1.1.2 | |
| RealPlayer | =1.1.3 | |
| RealPlayer | =1.1.4 | |
| RealPlayer | =1.1.5 | |
| RealPlayer | =11.0.2.1744 | |
| Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-4389?
CVE-2010-4389 has been assigned a high severity due to its potential to allow remote code execution.
How do I fix CVE-2010-4389?
To fix CVE-2010-4389, update RealPlayer and RealPlayer SP to the latest versions that address this vulnerability.
Which versions of RealPlayer are affected by CVE-2010-4389?
CVE-2010-4389 affects RealPlayer versions 11.0 through 11.1 and RealPlayer SP versions 1.0 through 1.1.5.
Can CVE-2010-4389 be exploited remotely?
Yes, CVE-2010-4389 can be exploited remotely through a heap-based buffer overflow in the cook codec.
What type of vulnerability is CVE-2010-4389?
CVE-2010-4389 is classified as a heap-based buffer overflow vulnerability.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/realnetworks
- canonical/realplayer
- version/realplayer/11.0
- version/realplayer/11.0.4
- version/realplayer/11.0.2
- version/realplayer/11.0.3
- version/realplayer/11.0.5
- version/realplayer/11.1
- version/realplayer/11.0.1
- canonical/realnetworks realplayer sp
- version/realnetworks realplayer sp/1.0.1
- version/realnetworks realplayer sp/1.1.5
- version/realnetworks realplayer sp/1.1.3
- version/realnetworks realplayer sp/1.0.0
- version/realnetworks realplayer sp/1.0.2
- version/realnetworks realplayer sp/1.1
- version/realnetworks realplayer sp/1.1.2
- version/realnetworks realplayer sp/1.1.4
- version/realnetworks realplayer sp/1.1.1
- version/realnetworks realplayer sp/1.0.5
- version/realplayer/1.0.0
- version/realplayer/1.0.1
- version/realplayer/1.0.2
- version/realplayer/1.0.5
- version/realplayer/1.1
- version/realplayer/1.1.1
- version/realplayer/1.1.2
- version/realplayer/1.1.3
- version/realplayer/1.1.4
- version/realplayer/1.1.5
- version/realplayer/11.0.2.1744
- vendor/linux
- canonical/linux kernel