RCE in Realnetworks Realplayer

CVE-2014-3444

The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp fil…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.276 (96.5th percentile) — read the EPSS interpretation.

Affected products

Realnetworks Realplayer — versions 16.0.0, 16.0.0.282, 16.0.1.18
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

cve@mitre.org (Exploit, x_refsource_MISC)