cpe:/a:realnetworks:helix_player:1.0.6::linux cpe:/a:realnetworks:realplayer:::linux CVE-2010-0416 2010-02-18T18:30:00.537-05:00 2017-09-18T21:30:22.860-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-02-19T14:53:00.000-05:00 SECUNIA 38450 IAVM IAVM:2010-A-0022 REDHAT RHSA-2010:0094 MLIST [common-cvs] 20070703 util hxurl.cpp,1.24.4.1,1.24.4.1.4.1 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=561856 CONFIRM https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1 Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.