CVE-2010-3000

Name of the Vulnerable Software and Affected Versions RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.4

Description The issue is related to multiple integer overflows in the ParseKnownType function, allowing remote attackers to execute arbitrary code via crafted data in an FLV file, specifically through HX FLV META AMF TYPE MIXEDARRAY or HX FLV META AMF TYPE ARRAY data.

Recommendations For RealPlayer versions 11.0 through 11.1, update to a version that fixes the integer overflows in the ParseKnownType function. For RealPlayer SP versions 1.0 through 1.1.4, update to a version that fixes the integer overflows in the ParseKnownType function. As a temporary workaround, consider avoiding the use of FLV files from untrusted sources until a patch is available.