CVE-2009-4244

Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.

Published: Jan 25, 2010
Updated: Apr 13, 2023
CVE: CVE-2009-4244
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
realnetworks / realplayer	10.0	10.0.x
realnetworks / realplayer	10.5	10.5.x
realnetworks / realplayer	11.0	11.0.x
realnetworks / realplayer	11.0.1	11.0.1.x
realnetworks / realplayer	11.0.2	11.0.2.x
realnetworks / realplayer	11.0.3	11.0.3.x
realnetworks / realplayer	11.0.4	11.0.4.x
realnetworks / realplayer	11.0.5	11.0.5.x
realnetworks / realplayer_enterprise	-	-
realnetworks / realplayer_sp	1.0.0	1.0.0.x
realnetworks / realplayer_sp	1.0.1	1.0.1.x
realnetworks / realplayer	10.1	10.1.x
realnetworks / helix_player	11.0.1	11.0.1.x
realnetworks / helix_player	11.0.0	11.0.0.x
realnetworks / helix_player	10.0	10.0.x
realnetworks / realplayer	11.0.0	11.0.0.x

Vulnerability Database

289,871

CVE-2009-4244