Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2010-3000

Published: 30/08/2010 Updated: 10/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Realplayer

Vulnerability Summary

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 up to and including 11.1 and RealPlayer SP 1.0 up to and including 1.1.4 on Windows allow remote malicious users to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.

Vulnerable Product Search on Vulmon Subscribe to Product

realnetworks realplayer 11.1

realnetworks realplayer 11.0

realnetworks realplayer_sp 1.0.5

realnetworks realplayer_sp 1.1

realnetworks realplayer_sp 1.0.1

realnetworks realplayer_sp 1.0.2

realnetworks realplayer_sp 1.0.0

realnetworks realplayer_sp 1.1.1

realnetworks realplayer_sp 1.1.4

realnetworks realplayer_sp 1.1.3

realnetworks realplayer_sp 1.1.2

Exploits

Exploit DB: RealPlayer - FLV Parsing Integer Overflow
''' __ __ ____ _ _ ____ | \/ |/ __ \ /\ | | | | _ \ | \ / | | | | / \ | | | | |_) | | |\/| | | | |/ /\ \| | | | _ < | | | | |__| / ____ \ |__| | |_) | |_| |_|\____/_/ \_\____/|____/ ''' ''' Title : RealPlayer FLV Parsing Multiple Integer Overflow Version : RealPlayer SP 114 Analysis : wwwa ...
Exploit DB: Month Of Abysssec Undisclosed Bugs - RealPlayer
Month Of Abysssec Undisclosed Bugs - RealPlayer SP 114 suffers from FLV parsing integer overflows ...

References

CWE-189http://service.real.com/realplayer/security/08262010_player/en/http://www.zerodayinitiative.com/advisories/ZDI-10-167http://secunia.com/advisories/41154http://secunia.com/advisories/41096http://www.securitytracker.com/id?1024370http://www.vupen.com/english/advisories/2010/2216https://exchange.xforce.ibmcloud.com/vulnerabilities/61423https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6651http://www.securityfocus.com/archive/1/513383/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/14992/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook