CVE ID:	CVE-2010-3000
Description:	Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3000 Bugtraq: 20100826 ZDI-10-167: RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/archive/1/513383/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-167 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6651 http://www.securitytracker.com/id?1024370 http://secunia.com/advisories/41096 http://secunia.com/advisories/41154 http://www.vupen.com/english/advisories/2010/2216 XForce ISS Database: realplayer-parseknowntype-code-exec(61423) http://xforce.iss.net/xforce/xfdb/61423

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: