Vulnerability in Realnetworks Realplayer
CVE-2012-2406
RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file.
EPSS: 0.035 (87.9th percentile) — read the EPSS interpretation.
Affected products
- Realnetworks Realplayer — versions 4, 5, 6
- Realnetworks Realplayer_sp — versions 1.0.0, 1.0.1, 1.0.2
- N/a — versions n/a
References
- 49193 (x_refsource_SECUNIA, third-party-advisory)
- 1027076 (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- realplayer-asmrulebook-code-exec(75647) (vdb-entry, x_refsource_XF)
- 81943 (x_refsource_OSVDB, vdb-entry)