CVE-2009-4247

Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an "array overflow."

Published: Jan 25, 2010
Updated: Apr 13, 2023
CVE: CVE-2009-4247
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
realnetworks / realplayer	10.0	10.0.x
realnetworks / realplayer	10.5	10.5.x
realnetworks / realplayer	11.0	11.0.x
realnetworks / realplayer	11.0.1	11.0.1.x
realnetworks / realplayer	11.0.2	11.0.2.x
realnetworks / realplayer	11.0.3	11.0.3.x
realnetworks / realplayer	11.0.4	11.0.4.x
realnetworks / realplayer	11.0.5	11.0.5.x
realnetworks / realplayer_enterprise	-	-
realnetworks / realplayer_sp	1.0.0	1.0.0.x
realnetworks / realplayer_sp	1.0.1	1.0.1.x
realnetworks / realplayer	10.1	10.1.x
realnetworks / helix_player	11.0.1	11.0.1.x
realnetworks / helix_player	11.0.0	11.0.0.x
realnetworks / helix_player	10.0	10.0.x
realnetworks / realplayer	11.0.0	11.0.0.x

Vulnerability Database

289,871

CVE-2009-4247