Buffer overflow in Realnetworks Realplayer

CVE-2013-6877

Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a differen…

Vulnerability class: Buffer Overflow

EPSS: 0.350 (97.1th percentile) — read the EPSS interpretation.

Affected products

Realnetworks Realplayer — versions 16.0.2.32, 16.0.3.51
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

20131217 CORE-2013-0903 - RealPlayer Heap-based Buffer Overflow Vulnerability (mailing-list, Exploit, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
64398 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM)