Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 up to and including 11.1 and RealPlayer SP 1.0 up to and including 1.1.4 on Windows allow remote malicious users to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
realnetworks realplayer 11.1 |
||
realnetworks realplayer 11.0 |
||
realnetworks realplayer_sp 1.0.5 |
||
realnetworks realplayer_sp 1.1 |
||
realnetworks realplayer_sp 1.0.1 |
||
realnetworks realplayer_sp 1.0.2 |
||
realnetworks realplayer_sp 1.0.0 |
||
realnetworks realplayer_sp 1.1.1 |
||
realnetworks realplayer_sp 1.1.4 |
||
realnetworks realplayer_sp 1.1.3 |
||
realnetworks realplayer_sp 1.1.2 |