Vulnerability CVE-2010-3000

Vulnerability Name:

CVE-2010-3000 (CCN-61423)

Assigned:

2010-08-26

Published:

2010-08-26

Updated:

2018-10-10

Summary:

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-189

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-3000

Source: CCN
Type: SA41096
RealPlayer SP Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
41096

Source: CCN
Type: SA41154
RealPlayer Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
41154

Source: CCN
Type: SECTRACK ID: 1024370
RealPlayer Bugs Let Remote Users Obtain Files and Execute Arbitrary Code

Source: CCN
Type: RealNetworks Web Site
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.

Source: CONFIRM
Type: Vendor Advisory
http://service.real.com/realplayer/security/08262010_player/en/

Source: CCN
Type: OSVDB ID: 67732
RealPlayer Multiple Products FLV File ParseKnownType Function Multiple Overflows

Source: BUGTRAQ
Type: UNKNOWN
20100826 ZDI-10-167: RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1024370

Source: VUPEN
Type: UNKNOWN
ADV-2010-2216

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-10-167

Source: XF
Type: UNKNOWN
realplayer-parseknowntype-code-exec(61423)

Source: XF
Type: UNKNOWN
realplayer-parseknowntype-code-exec(61423)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6651

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [09-13-2010]

Source: CCN
Type: ZDI-10-167
RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities

Vulnerable Configuration:

Configuration 1:

cpe:/a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:6651	V	Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4	2010-11-01

BACK