CVE-2010-3000
published 2010-08-30

Priority: P356 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 7.50% (93.7th percentile)
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.

Affected

11 ranges
Vendor | Product | Version range | Fixed in
realnetworks | realplayer
realnetworks | realplayer
realnetworks | realplayer_sp
realnetworks | realplayer_sp
realnetworks | realplayer_sp
realnetworks | realplayer_sp
realnetworks | realplayer_sp
realnetworks | realplayer_sp
realnetworks | realplayer_sp
realnetworks | realplayer_sp
realnetworks | realplayer_sp

Detection & IOCs (extracted from sources)

bytes
07 50 75 08
snort
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT RealPlayer FLV Parsing Integer Overflow Attempt"; flow:established,to_client; content:"FLV"; nocase; depth:300; content:"onMetaData"; nocase; distance:0; content:"|07 50 75 08|"; within:100; reference:url,service.real.com/realplayer/security/08262010_player/en/; reference:url,www.exploit-db.com/moaub-13-realplayer-flv-parsing-multiple-integer-overflow/; reference:bugtraq,42775; reference:cve,2010-3000; classtype:attempted-user; sid:2011485; rev:2; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2010_09_28, cve CVE_2010_3000, deployment Perimeter, confidence Medium, signature_severity Major, tag Web_Client_Attacks, updated_at 2019_07_26;)
  • Trigger condition: FLV file containing 'onMetaData' followed within 100 bytes by the byte sequence 07 50 75 08, delivered over HTTP to a client — characteristic of the integer overflow trigger in ParseKnownType.
  • Detection should focus on network traffic from $EXTERNAL_NET on HTTP ports delivering FLV content to client endpoints (flow: established, to_client).
  • The Snort/ET rule targets HTTP delivery only (TCP $HTTP_PORTS); FLV files delivered via other protocols (e.g., RTSP, local file) would not be caught by this signature.
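
The rule's three chained content matches, applied to a byte buffer or a local file so that content arriving outside HTTP can be checked the same way. This is an added example, not part of the ET rule or this page's sources; `matches_rule`, `sample` and the filler bytes are constructed for illustration, and `depth` is measured from the start of the buffer rather than from a TCP payload.

```python
import sys

MARKER = bytes.fromhex("07507508")  # byte sequence from the rule's last content match


def _ends(haystack, needle, start, stop):
    """Yield the end offset of each occurrence of needle lying wholly in haystack[start:stop]."""
    pos = haystack.find(needle, start, stop)
    while pos != -1:
        yield pos + len(needle)
        pos = haystack.find(needle, pos + 1, stop)


def matches_rule(payload: bytes) -> bool:
    """Apply the signature's three chained content matches to one buffer."""
    low = payload.lower()  # nocase applies to the two ASCII keywords only
    # content:"FLV"; nocase; depth:300 -> keyword must sit inside bytes 0..299
    for flv_end in _ends(low, b"flv", 0, 300):
        # content:"onMetaData"; nocase; distance:0 -> anywhere after the FLV match
        for meta_end in _ends(low, b"onmetadata", flv_end, len(low)):
            # content:"|07 50 75 08|"; within:100 -> must end within the next 100 bytes
            if payload.find(MARKER, meta_end, meta_end + 100) != -1:
                return True
    return False


def sample(flv_at=0, gap=10, keyword=b"onMetaData"):
    """Constructed test buffer made of filler bytes; it is not a real FLV file."""
    return b"." * flv_at + b"FLV" + b"." * 20 + keyword + b"." * gap + MARKER


if __name__ == "__main__":
    # Usage: python flv_rule_check.py file1.flv file2.flv ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "MATCH" if matches_rule(fh.read()) else "no match")
```

A match means only that the buffer satisfies the signature's byte pattern; like the rule itself (confidence Medium), it does not confirm exploitation.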

CVSS provenance

nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_cisco | 10.0 | CRITICAL