CVE-2010-3000 - OpenCVE

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Realnetworks	Realplayer Realplayer Sp

Configuration 1 [-]

AND

OR	cpe:2.3:a:realnetworks:realplayer:11.0:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.1:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/41096
http://secunia.com/advisories/41154
http://service.real.com/realplayer/security/08262010_player/en/
http://www.securityfocus.com/archive/1/513383/100/0/threaded
http://www.securitytracker.com/id?1024370
http://www.vupen.com/english/advisories/2010/2216
http://www.zerodayinitiative.com/advisories/ZDI-10-167
https://exchange.xforce.ibmcloud.com/vulnerabilities/61423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6651

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-08-30T19:00:00

Updated: 2024-08-07T02:55:46.403Z

Reserved: 2010-08-13T00:00:00

Link: CVE-2010-3000

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-08-30T20:00:02.640

Modified: 2018-10-10T20:00:42.423

Link: CVE-2010-3000

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object