mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
197 lines
6.3 KiB
JSON
197 lines
6.3 KiB
JSON
{
|
|
"id": "CVE-2010-0117",
|
|
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
|
|
"published": "2010-08-30T20:00:01.873",
|
|
"lastModified": "2017-09-19T01:30:14.127",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "RealNetworks RealPlayer v11.0 hasta la v11.1 y RealPlayer SP v1.0 hasta la v1.1.4 en Windows no maneja apropiadamente las dimensiones durante las transformaciones YUV420, lo que puede permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de contenidos MP4 modificados."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 9.3
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D03738C3-D659-488D-B285-64A496C0F1FB"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "53D7AE43-A3AC-4B38-B0A3-E6F02834224F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "59FEDCDF-9FBF-4D08-A50F-FF92763DFC21"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "54A11B3A-547C-4F2F-A58E-DE06DBBE8115"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C7243D80-913D-405C-9988-B8473DB1A5DC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D4C6D399-FF31-441D-A363-BD53CFE5569A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9818A6FB-2CF5-4236-8EFE-95458D603CC1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "73CC0582-D889-4907-A32E-218AC2B0591F"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://secunia.com/advisories/41096",
|
|
"source": "PSIRT-CNA@flexerasoftware.com"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/41154",
|
|
"source": "PSIRT-CNA@flexerasoftware.com"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/secunia_research/2010-5/",
|
|
"source": "PSIRT-CNA@flexerasoftware.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://service.real.com/realplayer/security/08262010_player/en/",
|
|
"source": "PSIRT-CNA@flexerasoftware.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id?1024370",
|
|
"source": "PSIRT-CNA@flexerasoftware.com"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2010/2216",
|
|
"source": "PSIRT-CNA@flexerasoftware.com"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61421",
|
|
"source": "PSIRT-CNA@flexerasoftware.com"
|
|
},
|
|
{
|
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7169",
|
|
"source": "PSIRT-CNA@flexerasoftware.com"
|
|
}
|
|
]
|
|
} |