Vulnerability CVE-2010-3000
Published: 2010-08-30   Modified: 2012-02-13

Description:
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.

See advisories in our WLB2 database:
Topic
Author
Date
Low
RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities
ZDI
31.08.2010
High
RealPlayer 11 FLV Parsing Integer Overflow
Abysssec
14.09.2010
High
RealPlayer 11.1 FLV Parsing Integer Overflow
Abysssec
15.09.2010

Type:

CWE-189

 (Numeric Errors)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Realnetworks -> Realplayer 
Realnetworks -> Realplayer sp 

 References:
http://service.real.com/realplayer/security/08262010_player/en/
http://www.securityfocus.com/archive/1/513383/100/0/threaded
http://www.securitytracker.com/id?1024370
http://www.vupen.com/english/advisories/2010/2216
http://www.zerodayinitiative.com/advisories/ZDI-10-167
https://exchange.xforce.ibmcloud.com/vulnerabilities/61423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6651
Copyright 2024, cxsecurity.com

 

Back to Top