CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.4%
Added: 01/07/2013
CVE: CVE-2012-5691
BID: 56956
OSVDB: 88486
RealPlayer is a media player application which can play back various multimedia file formats.
A buffer overflow vulnerability in the **GetPrivateProfileString**
function allows command execution when a user opens a RealMedia file containing a specially crafted URL property in the InternetShortcut section.
Upgrade to RealPlayer 16.0.0.282 or higher.
<http://service.real.com/realplayer/security/12142012_player/en/>
Exploit works on RealPlayer 15.0.6.14 on Windows XP SP3 English (DEP OptIn) and requires a user to download the exploit file and drag it into RealPlayer.
Windows