What versions of RealPlayer are affected by CVE-2010-2999?

CVE-2010-2999 affects RealPlayer versions 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, and specific builds of Mac and Linux RealPlayer.

How can I mitigate the risk of CVE-2010-2999?

To mitigate the risk of CVE-2010-2999, users should update RealPlayer to the latest version or apply any security patches provided by RealNetworks.

What types of attacks can be executed due to CVE-2010-2999?

CVE-2010-2999 can lead to arbitrary code execution or heap memory corruption, potentially resulting in a denial of service.

Is CVE-2010-2999 still a risk for users of RealPlayer?

Users of RealPlayer should verify they are using an updated version, as outdated versions may still be vulnerable to CVE-2010-2999.

Vulnerability/
CVE-2010-2999

critical

9.3

CWE

189 190

14/12/2010

19/1/2011

CVE-2010-2999: Integer Overflow

First published: Tue Dec 14 2010(Updated: )

Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed MLLT atom in an AAC file.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
RealPlayer	=11.0
RealPlayer	=11.0.4
RealPlayer	=11.0.2
RealPlayer	=11.0.3
RealPlayer	=11.0.5
RealPlayer	=11.1
RealPlayer	=11.0.1
RealNetworks RealPlayer SP	=1.0.1
RealNetworks RealPlayer SP	=1.0.0
RealPlayer	=1.0.0
RealPlayer	=1.0.1
Apple iOS and macOS
RealPlayer	=11.0.2.1744
Linux kernel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2010-2999?
CVE-2010-2999 is a vulnerability in RealNetworks RealPlayer that allows remote attackers to execute arbitrary code or cause a denial of service due to an integer overflow involving a malformed MLLT atom.
What versions of RealPlayer are affected by CVE-2010-2999?
CVE-2010-2999 affects RealPlayer versions 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, and specific builds of Mac and Linux RealPlayer.
How can I mitigate the risk of CVE-2010-2999?
To mitigate the risk of CVE-2010-2999, users should update RealPlayer to the latest version or apply any security patches provided by RealNetworks.
What types of attacks can be executed due to CVE-2010-2999?
CVE-2010-2999 can lead to arbitrary code execution or heap memory corruption, potentially resulting in a denial of service.
Is CVE-2010-2999 still a risk for users of RealPlayer?
Users of RealPlayer should verify they are using an updated version, as outdated versions may still be vulnerable to CVE-2010-2999.

agent/type
agent/last-modified-date
agent/first-publish-date
agent/weakness
agent/severity
agent/references
agent/author
agent/description
agent/event
collector/nvd-historical
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/realnetworks
canonical/realplayer
version/realplayer/11.0
version/realplayer/11.0.4
version/realplayer/11.0.2
version/realplayer/11.0.3
version/realplayer/11.0.5
version/realplayer/11.1
version/realplayer/11.0.1
canonical/realnetworks realplayer sp
version/realnetworks realplayer sp/1.0.1
version/realnetworks realplayer sp/1.0.0
version/realplayer/1.0.0
version/realplayer/1.0.1
vendor/apple
canonical/apple ios and macos
version/realplayer/11.0.2.1744
vendor/linux
canonical/linux kernel

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.