CVE-2010-3750

high

Description

rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-212/

http://www.securityfocus.com/bid/44144

http://service.real.com/realplayer/security/10152010_player/en/

Details

Source: Mitre, NVD

Published: 2010-10-19

Updated: 2010-10-19

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High