Vulnerabilities > CVE-2010-3000 - Numeric Errors vulnerability in Realnetworks Realplayer and Realplayer SP
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | MOAUB #13 - RealPlayer FLV Parsing Integer Overflow. CVE-2010-3000. Dos exploit for windows platform |
| id | EDB-ID:14992 |
| last seen | 2016-02-01 |
| modified | 2010-09-13 |
| published | 2010-09-13 |
| reporter | Abysssec |
| source | https://www.exploit-db.com/download/14992/ |
| title | RealPlayer - FLV Parsing Integer Overflow |
Nessus
| NASL family | Windows |
| NASL id | REALPLAYER_12_0_0_879.NASL |
| description | According to its build number, the installed version of RealPlayer on the remote Windows host has multiple buffer overflow vulnerabilities : - A RealPlayer malformed |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 48907 |
| published | 2010-08-27 |
| reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/48907 |
| title | RealPlayer for Windows < Build 12.0.0.879 Multiple Vulnerabilities |
Oval
| accepted | 2010-11-01T04:00:03.580-04:00 | ||||
| class | vulnerability | ||||
| contributors |
| ||||
| definition_extensions |
| ||||
| description | Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file. | ||||
| family | windows | ||||
| id | oval:org.mitre.oval:def:6651 | ||||
| status | accepted | ||||
| submitted | 2010-09-22T01:48:18 | ||||
| title | Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 | ||||
| version | 5 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/93807/moaub-realplayer.txt |
| id | PACKETSTORM:93807 |
| last seen | 2016-12-05 |
| published | 2010-09-14 |
| reporter | Abysssec |
| source | https://packetstormsecurity.com/files/93807/Month-Of-Abysssec-Undisclosed-Bugs-RealPlayer.html |
| title | Month Of Abysssec Undisclosed Bugs - RealPlayer |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:69834 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-69834 |
| title | RealPlayer - FLV Parsing Integer Overflow |
References
- http://secunia.com/advisories/41096
- http://secunia.com/advisories/41154
- http://service.real.com/realplayer/security/08262010_player/en/
- http://www.securityfocus.com/archive/1/513383/100/0/threaded
- http://www.securitytracker.com/id?1024370
- http://www.vupen.com/english/advisories/2010/2216
- http://www.zerodayinitiative.com/advisories/ZDI-10-167
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61423
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6651