CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.2%
Added: 09/12/2011
CVE: CVE-2011-2950
BID: 49172
OSVDB: 74549
RealPlayer is a media player application which can play back various multimedia file formats, including QCP audio files. The QCP file format is frequently used to provide ring tones and to record voice for cellular telephones.
A heap buffer overflow vulnerability exists in RealPlayer **qcpfformat.dll**
when handling **fmt**
chunks in QCP files.
Upgrade to the latest version of RealPlayer, as identified in August 2011 Real Player update.
<http://zerodayinitiative.com/advisories/ZDI-11-265/>
Exploit works on RealNetworks RealPlayer 14.0.2.633 on Microsoft Windows XP with KB959426. The target user must open the exploit page using Internet Explorer 8.
Windows XP