Published: 19/12/2013 Updated: 31/12/2016

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Heap-based buffer overflow in RealNetworks RealPlayer prior to 17.0.4.61 on Windows, and Mac RealPlayer prior to 12.0.1.1738, allows remote malicious users to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260.

Vulnerable Product	Search on Vulmon	Subscribe to Product
realnetworks realplayer 16.0.2.32
realnetworks realplayer 16.0.3.51

#!/usr/bin/perl #-----------------------------------------------------------------------------# # Exploit Title: RealNetworks RealPlayer Version Attribute Buffer Overflow # # Date: Dec 20 2013 # # Exploit Author: Gabor Seljan # # Vendor Home ...

RealNetworks RealPlayer versions 160351 and 160232 buffer overflow exploit that spawns calcexe ...

Core Security Technologies Advisory - RealPlayer is prone to a security vulnerability when processing RMP files This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing RealPlayer users to open a specially crafted RMP file (client-side attack) Versions 160232 and 160351 are affe ...

CWE-119 http://archives.neohapsis.com/archives/bugtraq/2013-12/0104.html http://www.coresecurity.com/advisories/realplayer-heap-based-buffer-overflow-vulnerability http://packetstormsecurity.com/files/124535 http://service.real.com/realplayer/security/12202013_player/en/http://www.securityfocus.com/bid/64398 https://nvd.nist.gov https://www.exploit-db.com/exploits/30468/

CVE-2013-6877

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect