Lucene search
Sebastian Apelt, siberasZDI-10-167HistoryAug 26, 2010 - 12:00 a.m.
RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities
2010-08-2600:00:00
Sebastian Apelt, siberas
www.zerodayinitiative.com
13
EPSS
0.951
Percentile
99.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the module responsible for handling the FLV file format. While parsing the HX_FLV_META_AMF_TYPE_MIXEDARRAY and the HX_FLV_META_AMF_TYPE_ARRAY data types the ParseKnownType function makes two improper calculations that can force integers to wrap. A remote attacker can exploit these vulnerabilities to execute arbitrary code under the context of the user playing the file.
Related
securityvulns
securityvulns
ZDI-10-167: RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities
2010-08-30 00:00:00
RealNetworks RealPlayer security vulnerabilities
2010-08-30 00:00:00
checkpoint_advisories
checkpoint_advisories
exploitpack
exploitpack
RealPlayer - FLV Parsing Integer Overflow
2010-09-13 00:00:00
seebug
seebug
RealPlayer - FLV Parsing Integer Overflow
2014-07-01 00:00:00
exploitdb
exploitdb
RealPlayer - FLV Parsing Integer Overflow
2010-09-13 00:00:00
packetstorm
packetstorm
Month Of Abysssec Undisclosed Bugs - RealPlayer
2010-09-14 00:00:00
cvelist
cvelist
CVE-2010-3000
2010-08-30 19:00:00
nvd
nvd
CVE-2010-3000
2010-08-30 20:00:02
cve
cve
CVE-2010-3000
2010-08-30 20:00:02
prion
prion
Integer overflow
2010-08-30 20:00:00
zdt
zdt
RealPlayer FLV Parsing Integer Overflow
2010-09-13 00:00:00
openvas
openvas
RealNetworks RealPlayer Multiple Vulnerabilities (Windows)
2010-09-08 00:00:00
RealNetworks RealPlayer Multiple Vulnerabilities - Windows
2010-09-08 00:00:00
nessus
nessus
RealPlayer for Windows < Build 12.0.0.879 Multiple Vulnerabilities
2010-08-27 00:00:00