PT-2010-4473 · Realnetworks · Realplayer Sp+1
Sebastian Apelt
·
Published
2010-08-26
·
Updated
2018-10-10
·
CVE-2010-3000
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
RealPlayer versions 11.0 through 11.1
RealPlayer SP versions 1.0 through 1.1.4
Description
The issue is related to multiple integer overflows in the ParseKnownType function, allowing remote attackers to execute arbitrary code via crafted data in an FLV file, specifically through
HX FLV META AMF TYPE MIXEDARRAY or HX FLV META AMF TYPE ARRAY data.Recommendations
For RealPlayer versions 11.0 through 11.1, update to a version that fixes the integer overflows in the ParseKnownType function.
For RealPlayer SP versions 1.0 through 1.1.4, update to a version that fixes the integer overflows in the ParseKnownType function.
As a temporary workaround, consider avoiding the use of FLV files from untrusted sources until a patch is available.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Realplayer
Realplayer Sp