APP: RealNetworks RealPlayer FLV Parsing Two Integer Overflow Vulnerabilities
This signature detects attempts to exploit two known remote code execution vulnerabilities in RealNetworks RealPlayer. They are due to two integer overflow errors while parsing the ECMA Array and the Strict Array type data in FLV files. An attacker can leverage these by enticing a target user to open a crafted IVR file. A successful attack allows the attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack can cause an abnormal termination of the affected product.
Extended Description
Real Networks RealPlayer & RealPlayer SP are prone to multiple security vulnerabilities, including remote code-execution issues, an unauthorized access issue, a potential denial-of-service issue, and an unspecified issue. Successful exploits will allow remote attackers to execute arbitrary code within the context of the affected application, cause denial-of-service conditions, or access files without proper authorization. Other attacks may also be possible. RealPlayer 11.1 and RealPlayer SP 1.1.4 and prior are vulnerable.
Affected Products
Real_networks realplayer_11_beta
Short Name
APP:REAL:MAL-FLV-FILE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2010-3000 FLV Integer Overflow Parsing RealNetworks RealPlayer Two Vulnerabilities bid:42775
Release Date
10/26/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Real_networks
CVSS Score
9.3