VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-3000
realplayer, realplayer_sp: Multiple integer overflows in the ParseKnownType fu...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3000

Original

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-08-30
Source Information Category: Advisory, Alert
Last Updated: 2010-08-31




Affected Product Tags
cpe:/a:realnetworks:realplayer:11.0
cpe:/a:realnetworks:realplayer:11.1
cpe:/a:realnetworks:realplayer_sp:1.0.0
cpe:/a:realnetworks:realplayer_sp:1.0.1
cpe:/a:realnetworks:realplayer_sp:1.0.2
cpe:/a:realnetworks:realplayer_sp:1.0.5
cpe:/a:realnetworks:realplayer_sp:1.1
cpe:/a:realnetworks:realplayer_sp:1.1.1
cpe:/a:realnetworks:realplayer_sp:1.1.2
cpe:/a:realnetworks:realplayer_sp:1.1.3
cpe:/a:realnetworks:realplayer_sp:1.1.4
cpe:/o:microsoft:windows
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
X Medium
Low

[Authentication]
Undefined
Multiple
Single
X None

[Confidentiality Impact]
Undefined
None
Partial
X Complete

[Integrity Impact]
Undefined
None
Partial
X Complete

[Availability Impact]
Undefined
None
Partial
X Complete

Alternatives




References
BUGTRAQ 20100826 ZDI-10-167: RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities




CONFIRM http://service.real.com/realplayer/security/08262010_player/en/




MISC http://www.zerodayinitiative.com/advisories/ZDI-10-167




Vulnerability Type: Numeric Errors (CWE-189)





Copyright © 2010 JPCERT/CC All Rights Reserved.