VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jan 25, 2010· Updated Apr 29, 2026

CVE-2009-4248

CVE-2009-4248

Description

Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.

Affected products

18
  • RealNetworks/Helix Player3 versions
    cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*
  • RealNetworks/Realplayer12 versions
    cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*
  • RealNetworks/Realplayer Enterprise
    cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*
  • RealNetworks/Realplayer Sp2 versions
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

15

News mentions

0

No linked articles in our index yet.