CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

EPSS Percentile: 99.7%
RealPlayer version 16.0.3.51 and possibly earlier versions contain a stack-based buffer overflow vulnerability (CWE-121).
CWE-121: Stack-based Buffer Overflow
RealPlayer version 16.0.3.51 and possibly earlier versions contain a stack-based buffer overflow vulnerability. The .RMP file format is similar to standard XML encoding. An attacker can place malicious code in the value of the version or the encoding attributes inside the XML declaration to craft a malicious .RMP file. Once the file is opened by the victim, the program may crash or allow execution of code.
A remote unauthenticated attacker may be able to trick a user into opening a malicious .RMP file which may cause a denial-of-service condition or lead to arbitrary code execution.
Apply an Update
RealNetworks has advised users to apply the latest patch, which removes .RMP file support, to address this vulnerability.
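A pre-open check for the malformed XML declaration described above, as an added example that is not part of the original advisory or any vendor code: it validates the version and encoding values against the XML 1.0 grammar and a length cap. The function name, the 40-byte cap and the sample inputs are assumptions constructed for illustration.

```python
import re

# XML 1.0 grammar for the two pseudo-attributes named in the advisory.
VERSION_RE = re.compile(rb"1\.[0-9]+")
ENCODING_RE = re.compile(rb"[A-Za-z][A-Za-z0-9._-]*")
MAX_VALUE_LEN = 40  # assumed cap, not taken from the advisory

# The declaration runs to "?>" or, if that is missing, to end of input.
DECL_RE = re.compile(rb"<\?xml\b(.*?)(\?>|\Z)", re.DOTALL)
# A value runs to its closing quote or, if that is missing, to end of input.
ATTR_RE = re.compile(
    rb"""\b(version|encoding)\s*=\s*(["'])(.*?)(?:\2|\Z)""", re.DOTALL
)


def check_rmp_declaration(data: bytes) -> list[str]:
    """Return findings for the XML declaration of an .RMP file (empty = clean)."""
    findings = []
    decl = DECL_RE.search(data)
    if decl is None:
        return findings  # no XML declaration, nothing to inspect
    if decl.group(2) != b"?>":
        findings.append("declaration: unterminated")
    for name, _quote, value in ATTR_RE.findall(decl.group(1)):
        label = name.decode()
        grammar = VERSION_RE if name == b"version" else ENCODING_RE
        if len(value) > MAX_VALUE_LEN:
            findings.append(f"{label}: {len(value)} bytes exceeds {MAX_VALUE_LEN}")
        elif not grammar.fullmatch(value):
            findings.append(f"{label}: not a valid XML 1.0 value")
    return findings


# Constructed sample inputs (the <root/> body is a placeholder, not real .RMP content).
BENIGN = b'<?xml version="1.0" encoding="UTF-8"?>\n<root/>'
OVERSIZED = b'<?xml version="' + b"A" * 5000 + b'" encoding="UTF-8"?>\n<root/>'
UNTERMINATED = b'<?xml version="1.0" encoding="' + b"B" * 300

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN), ("oversized", OVERSIZED),
                          ("unterminated", UNTERMINATED)]:
        print(label, check_rmp_declaration(sample))
```

Such a check fits a mail or web gateway that still sees .RMP attachments on hosts where the patch has not yet been applied.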
698278
Notified: October 16, 2013 Updated: December 30, 2013
Affected
We have not received a statement from the vendor.
A patch is available at the link below.
Notified: January 10, 2014 Updated: January 10, 2014
Unknown
We have not received a statement from the vendor.
Group | Score | Vector |
---|---|---|
Base | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Temporal | 5.3 | E:POC/RL:OF/RC:C |
Environmental | 1.3 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND |
Thanks to Gabor Seljan for reporting this vulnerability.
This document was written by Adam Rauf.
CVE IDs: | CVE-2013-7260 |
---|---|
Date Public: | 2013-12-20 |
Date First Published: | |