CVE-2010-3000

RealNetworks RealPlayer <11.1 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3000. PoCs published by Abysssec.

AI-analyzed exploit summary This PoC exploits an integer overflow vulnerability in RealPlayer's FLV parsing by crafting a malicious FLV file. The overflow occurs when parsing a malformed AMF mixed array value, leading to a crash or potential code execution.

Description

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Abysssec · pythondoswindows

https://www.exploit-db.com/exploits/14992

View Code ZIP pw:eip

This PoC exploits an integer overflow vulnerability in RealPlayer's FLV parsing by crafting a malicious FLV file. The overflow occurs when parsing a malformed AMF mixed array value, leading to a crash or potential code execution.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: RealPlayer SP 1.1.4

No auth needed

Prerequisites: Victim must open the crafted FLV file in RealPlayer

MITRE ATT&CK

T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2216

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/41096

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/61423

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6651

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/513383/100/0/threaded

Vendor Advisory x_refsource_confirm

http://service.real.com/realplayer/security/08262010_player/en/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1024370

Third Party Advisory x_refsource_misc

http://www.zerodayinitiative.com/advisories/ZDI-10-167

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/41154

Scores

EPSS 0.0750

EPSS Percentile 93.7%

Details

CWE

CWE-189

Status published

Products (11)

realnetworks/realplayer 11.0

realnetworks/realplayer 11.1

realnetworks/realplayer_sp 1.0.0

realnetworks/realplayer_sp 1.0.1

realnetworks/realplayer_sp 1.0.2

realnetworks/realplayer_sp 1.0.5

realnetworks/realplayer_sp 1.1

realnetworks/realplayer_sp 1.1.1

realnetworks/realplayer_sp 1.1.2

realnetworks/realplayer_sp 1.1.3

... and 1 more

Published Aug 30, 2010

Tracked Since Feb 18, 2026