CVE

Id
46331  
CVE No.
CVE-2010-3747  
Status
Candidate  
Description
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI.  
Phase
Assigned (20101005)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
505158 46331 CVE-2010-3747 MISC:http://www.zerodayinitiative.com/advisories/ZDI-10-210/  View
505159 46331 CVE-2010-3747 CONFIRM:http://service.real.com/realplayer/security/10152010_player/en/  View
505160 46331 CVE-2010-3747 BID:44144  View
505161 46331 CVE-2010-3747 URL:http://www.securityfocus.com/bid/44144  View
505162 46331 CVE-2010-3747 SREASON:8147  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
36498 JVNDB-2010-002278 RealNetworks RealPlayer の ActiveX コントロールにおけるヒープベースのバッファオーバーフローの脆弱性 RealNetworks RealPlayer の ActiveX コントロールには、ヒープベースのバッファオーバーフローの脆弱性が存在します。 CVE-2010-3751 46331 9.3 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002278.html  View