CVE-2010-0117

RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.

Published: Aug 30, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-0117
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
realnetworks / realplayer	11.0	11.0.x
realnetworks / realplayer	11.1	11.1.x
realnetworks / realplayer_sp	1.0.0	1.0.0.x
realnetworks / realplayer_sp	1.0.1	1.0.1.x
realnetworks / realplayer_sp	1.0.2	1.0.2.x
realnetworks / realplayer_sp	1.0.5	1.0.5.x
realnetworks / realplayer_sp	1.1	1.1.x
realnetworks / realplayer_sp	1.1.1	1.1.1.x
realnetworks / realplayer_sp	1.1.2	1.1.2.x
realnetworks / realplayer_sp	1.1.3	1.1.3.x
realnetworks / realplayer_sp	1.1.4	1.1.4.x

http://secunia.com/advisories/41096
http://secunia.com/advisories/41154
http://secunia.com/secunia_research/2010-5/
http://service.real.com/realplayer/security/08262010_player/en/
http://www.securitytracker.com/id?1024370
http://www.vupen.com/english/advisories/2010/2216
https://exchange.xforce.ibmcloud.com/vulnerabilities/61421
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7169

Vulnerability Database

289,871

CVE-2010-0117