What is CVE-2012-0928?

CVE-2012-0928 is a vulnerability in Realnetworks Realplayer, classified under Code Injection. Published 2012-02-08.

Is CVE-2012-0928 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Realnetworks Realplayer

CVE-2012-0928

The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.021 (84.5th percentile) — read the EPSS interpretation.

Affected products

Realnetworks Realplayer — versions 14.0.0, 14.0.1, 14.0.1.609
Realnetworks Realplayer_sp — versions 1.0.0, 1.0.1, 1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2012-0928?: CVE-2012-0928 is a vulnerability in Realnetworks Realplayer, classified under Code Injection. Published 2012-02-08.
Is CVE-2012-0928 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.