CVE-2010-3000: Integer Overflow
First published: Mon Aug 30 2010(Updated: )
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RealPlayer | =11.0 | |
| RealPlayer | =11.1 | |
| Microsoft Windows Operating System | ||
| RealPlayer | =1.0.0 | |
| RealPlayer | =1.0.1 | |
| RealPlayer | =1.0.2 | |
| RealPlayer | =1.0.5 | |
| RealPlayer | =1.1 | |
| RealPlayer | =1.1.1 | |
| RealPlayer | =1.1.2 | |
| RealPlayer | =1.1.3 | |
| RealPlayer | =1.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://service.real.com/realplayer/security/08262010_player/en/
- http://www.zerodayinitiative.com/advisories/ZDI-10-167
- http://secunia.com/advisories/41154
- http://secunia.com/advisories/41096
- http://www.securitytracker.com/id?1024370
- http://www.vupen.com/english/advisories/2010/2216
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61423
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6651
- http://www.securityfocus.com/archive/1/513383/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-3000?
CVE-2010-3000 has a high severity rating due to its potential to allow remote code execution.
How do I fix CVE-2010-3000?
To fix CVE-2010-3000, update RealPlayer to the latest version as recommended by RealNetworks.
Which versions of RealPlayer are affected by CVE-2010-3000?
CVE-2010-3000 affects RealPlayer versions 11.0, 11.1, and certain versions of RealPlayer SP from 1.0 to 1.1.4.
What type of vulnerability is CVE-2010-3000?
CVE-2010-3000 is classified as an integer overflow vulnerability that can lead to arbitrary code execution.
How can attackers exploit CVE-2010-3000?
Attackers can exploit CVE-2010-3000 by crafting malicious FLV files with specific data types designed to trigger the overflow.
- collector/nvd-historical
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/softwarecombine
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/realnetworks
- canonical/realplayer
- version/realplayer/11.0
- version/realplayer/11.1
- vendor/microsoft
- canonical/microsoft windows operating system
- version/realplayer/1.0.0
- version/realplayer/1.0.1
- version/realplayer/1.0.2
- version/realplayer/1.0.5
- version/realplayer/1.1
- version/realplayer/1.1.1
- version/realplayer/1.1.2
- version/realplayer/1.1.3
- version/realplayer/1.1.4