CERT VU:698278
History: Dec 30, 2013 - 12:00 a.m.

RealPlayer version 16.0.3.51 contains a buffer overflow vulnerability

2013-12-30 00:00:00
www.kb.cert.org

CVSS2: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.966
Percentile: 99.7%

Overview

RealPlayer version 16.0.3.51 and possibly earlier versions contain a stack-based buffer overflow vulnerability (CWE-121).

Description

CWE-121: Stack-based Buffer Overflow

RealPlayer version 16.0.3.51 and possibly earlier versions contain a stack-based buffer overflow vulnerability. The .RMP file format is similar to standard XML encoding. An attacker can place malicious code in the value of the version or the encoding attributes inside the XML declaration to craft a malicious .RMP file. Once the file is opened by the victim, the program may crash or allow execution of code.
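
A defensive triage check for the attribute values described above, as an added example that is not part of the original advisory or any RealNetworks code: it flags .RMP files whose XML declaration carries an oversized or malformed version or encoding value. The length limits, the function name and the sample inputs are assumptions constructed for illustration.

```python
import re

# Assumed triage limits: the advisory gives no buffer size, and legitimate
# values ("1.0", "UTF-8") are only a few bytes long.
MAX_ATTR_LEN = 32
MAX_DECL_LEN = 128

# XML declaration at the start of the file, after an optional UTF-8 BOM.
DECL_RE = re.compile(rb'^(?:\xef\xbb\xbf)?\s*<\?xml\b(.*?)\?>', re.DOTALL)
# name="value" or name='value' pairs inside the declaration.
ATTR_RE = re.compile(rb'''(\w+)\s*=\s*(["'])(.*?)\2''', re.DOTALL)
# Value shapes allowed by the XML specification (VersionNum, EncName).
VALID = {
    b"version": re.compile(rb'1\.\d+'),
    b"encoding": re.compile(rb'[A-Za-z][A-Za-z0-9._-]*'),
}

def check_rmp(data: bytes) -> list[str]:
    """Return findings for the XML declaration of an .RMP file (hypothetical helper)."""
    findings = []
    head = data[:65536]
    m = DECL_RE.match(head)
    if m is None:
        # A declaration that opens but never closes is suspicious in itself.
        if head.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(b"<?xml"):
            findings.append("declaration: not terminated within 64 KiB")
        return findings
    body = m.group(1)
    if len(body) > MAX_DECL_LEN:
        findings.append(f"declaration: {len(body)} bytes exceeds {MAX_DECL_LEN}")
    for name, _quote, value in ATTR_RE.findall(body):
        if name not in VALID:
            continue
        label = name.decode()
        if len(value) > MAX_ATTR_LEN:
            findings.append(f"{label}: {len(value)} bytes exceeds {MAX_ATTR_LEN}")
        elif not VALID[name].fullmatch(value):
            findings.append(f"{label}: value is not a valid XML {label}")
    return findings

# Constructed samples: a well-formed header and one with an oversized attribute.
BENIGN = b'<?xml version="1.0" encoding="UTF-8"?>\n<example/>\n'
OVERSIZED = b'<?xml version="1.0" encoding="' + b"A" * 600 + b'"?>\n<example/>\n'

if __name__ == "__main__":
    for sample_name, sample in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(sample_name, check_rmp(sample))
```

A check like this suits mail or web gateways and file-share sweeps on hosts where the vendor update has not yet been applied.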


Impact

A remote unauthenticated attacker may be able to trick a user into opening a malicious .RMP file, which may cause a denial-of-service condition or lead to arbitrary code execution.


Solution

Apply an Update

RealNetworks has advised users to apply the latest patch, which removes .RMP file support, to address this vulnerability.


Vendor Information


RealNetworks, Inc.: Affected

Notified: October 16, 2013 Updated: December 30, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

A patch is available at the link below.

Vendor References

CVE Request: Unknown

Notified: January 10, 2014 Updated: January 10, 2014

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

CVSS Metrics

Group          Score  Vector
Base           6.8    AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal       5.3    E:POC/RL:OF/RC:C
Environmental  1.3    CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Gabor Seljan for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

CVE IDs: CVE-2013-7260
Date Public: 2013-12-20 Date First Published:
