CVE-2010-2996

Published: Aug 30, 2010Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.

Affected (2)

Products: Realnetworks: Realplayer

Realnetworks

1 product

Realplayer

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realnetworks Realplayer	Version 11.0
Realnetworks Realplayer	Version 11.1

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (16)

http://secunia.com/advisories/41154

Source: cve@mitre.org

http://service.real.com/realplayer/security/08262010_player/en/

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/513381/100/0/threaded

Source: cve@mitre.org

http://www.securitytracker.com/id?1024370

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/2216

Source: cve@mitre.org

http://www.zerodayinitiative.com/advisories/ZDI-10-166

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/61425

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6703

Source: cve@mitre.org

http://secunia.com/advisories/41154