Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-3000 | First vendor Publication | 2010-08-30 |
Vendor | Cve | Last vendor Modification | 2018-10-10 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3000 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6651 | |||
Oval ID: | oval:org.mitre.oval:def:6651 | ||
Title: | Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 | ||
Description: | Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3000 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | RealPlayer RealPlayer SP |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-09-13 | MOAUB #13 - RealPlayer FLV Parsing Integer Overflow |
OpenVAS Exploits
Date | Description |
---|---|
2010-09-08 | Name : RealNetworks RealPlayer Multiple Vulnerabilities (Win) File : nvt/gb_realplayer_mult_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
67732 | RealPlayer Multiple Products FLV File ParseKnownType Function Multiple Overflows |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-29 | RealNetworks RealPlayer FLV integer overflow attempt RuleID : 43727 - Revision : 1 - Type : FILE-FLASH |
2014-01-10 | RealNetworks RealPlayer FLV integer overflow attempt RuleID : 19002 - Revision : 14 - Type : FILE-FLASH |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-08-27 | Name : The remote Windows application is affected by multiple vulnerabilities. File : realplayer_12_0_0_879.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2020-05-23 00:26:16 |
|
2018-10-11 00:19:54 |
|
2017-09-19 09:23:53 |
|
2017-08-17 09:23:05 |
|
2016-06-29 00:14:26 |
|
2016-04-26 20:01:16 |
|
2014-02-17 10:56:53 |
|
2014-01-19 21:27:03 |
|
2013-05-10 23:30:25 |
|