Vulnerability Details CVE-2010-2996
Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.092
EPSS Ranking 92.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/41154
- http://service.real.com/realplayer/security/08262010_player/en/
- http://www.securityfocus.com/archive/1/513381/100/0/threaded
- http://www.securitytracker.com/id?1024370
- http://www.vupen.com/english/advisories/2010/2216
- http://www.zerodayinitiative.com/advisories/ZDI-10-166
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61425
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6703
- http://secunia.com/advisories/41154
- http://service.real.com/realplayer/security/08262010_player/en/
- http://www.securityfocus.com/archive/1/513381/100/0/threaded
- http://www.securitytracker.com/id?1024370
- http://www.vupen.com/english/advisories/2010/2216
- http://www.zerodayinitiative.com/advisories/ZDI-10-166
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61425
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6703
Products affected by CVE-2010-2996
-
cpe:2.3:a:realnetworks:realplayer:11.0
-
cpe:2.3:a:realnetworks:realplayer:11.1
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:microsoft:windows:1.0
-
cpe:2.3:o:microsoft:windows:2.0
-
cpe:2.3:o:microsoft:windows:2000
-
cpe:2.3:o:microsoft:windows:3.0
-
cpe:2.3:o:microsoft:windows:3.1
-
cpe:2.3:o:microsoft:windows:3.11
-
cpe:2.3:o:microsoft:windows:server_2008
-
cpe:2.3:o:microsoft:windows:vista