CVE

Id
43000  
CVE No.
CVE-2010-0416  
Status
Candidate  
Description
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.  
Phase
Assigned (20100127)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
468748 43000 CVE-2010-0416 MLIST:[common-cvs] 20070703 util hxurl.cpp,1.24.4.1,1.24.4.1.4.1  View
468749 43000 CVE-2010-0416 URL:http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html  View
468750 43000 CVE-2010-0416 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=561856  View
468751 43000 CVE-2010-0416 CONFIRM:https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1  View
468752 43000 CVE-2010-0416 REDHAT:RHSA-2010:0094  View
468753 43000 CVE-2010-0416 URL:http://www.redhat.com/support/errata/RHSA-2010-0094.html  View
468754 43000 CVE-2010-0416 OVAL:oval:org.mitre.oval:def:10847  View
468755 43000 CVE-2010-0416 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10847  View
468756 43000 CVE-2010-0416 SECUNIA:38450  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
35363 JVNDB-2010-001143 Pidgin の libpurple におけるサービス運用妨害 (DoS) の脆弱性 Pidgin の Finch の libpurple には、XMPP マルチユーザチャットルームが使用されている場合、
シーケンスが含まれたニックネームを適切に解析しないため、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。		 CVE-2010-0420 43000 4.3 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001143.html  View