RCE in Realnetworks Realplayer

CVE-2012-0926

The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.021 (84.5th percentile) — read the EPSS interpretation.

Affected products

Realnetworks Realplayer — versions 14.0.0, 14.0.1, 14.0.1.609
Realnetworks Realplayer_sp — versions 1.0.0, 1.0.1, 1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

47896 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)