1. Home
  2. CVE Database
  3. CVE-2010-3000
HIGH · 9.3

CVE-2010-3000

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code v...

Vulnerability Description

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
RealnetworksRealplayer11.0
MicrosoftWindowsAll versions
RealnetworksRealplayer Sp1.0.0

Related Weaknesses (CWE)

CWE-189

References

FAQ

What is CVE-2010-3000?

CVE-2010-3000 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code v...

How severe is CVE-2010-3000?

CVE-2010-3000 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-3000?

Check the references section above for vendor advisories and patch information. Affected products include: Realnetworks Realplayer, Microsoft Windows, Realnetworks Realplayer Sp.