CVE-2010-3000

high

Description

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6651

https://exchange.xforce.ibmcloud.com/vulnerabilities/61423

http://www.zerodayinitiative.com/advisories/ZDI-10-167

http://www.vupen.com/english/advisories/2010/2216

http://www.securitytracker.com/id?1024370

http://www.securityfocus.com/archive/1/513383/100/0/threaded

http://service.real.com/realplayer/security/08262010_player/en/

http://secunia.com/advisories/41154

http://secunia.com/advisories/41096

Details

Source: Mitre, NVD

Published: 2010-08-30

Updated: 2018-10-10

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High