First published: Mon Jan 31 2011(Updated: )
Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an AVI file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
RealPlayer | =11.0 | |
RealPlayer | =11.1 | |
RealPlayer | =14.0.1 | |
RealPlayer | =14.0.0 | |
RealNetworks RealPlayer SP | =1.0.1 | |
RealNetworks RealPlayer SP | =1.1.5 | |
RealNetworks RealPlayer SP | =1.1.3 | |
RealNetworks RealPlayer SP | =1.0.0 | |
RealNetworks RealPlayer SP | =1.0.2 | |
RealNetworks RealPlayer SP | =1.1 | |
RealNetworks RealPlayer SP | =1.1.2 | |
RealNetworks RealPlayer SP | =1.1.4 | |
RealNetworks RealPlayer SP | =1.1.1 | |
RealNetworks RealPlayer SP | =1.0.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2010-4393 has been classified as a critical vulnerability due to its potential to allow remote code execution.
To remediate CVE-2010-4393, users should update to the latest version of RealPlayer that addresses this vulnerability.
CVE-2010-4393 affects RealPlayer versions 11.0, 11.1, and 14.0.x before 14.0.2, as well as RealPlayer SP versions 1.0 to 1.1.5.
Yes, CVE-2010-4393 can be exploited remotely without user interaction through specially crafted AVI files.
Exploiting CVE-2010-4393 can lead to arbitrary code execution, potentially compromising the affected system.