Vulnerability Note VU#246524
Real Media Player filename handler stack buffer overflow vulnerability
Real Media Player fails to parse filenames correctly, which may allow a remote, unauthenticated attacker to execute arbitrary code in the context of the logged in user.
CWE-121: Stack-based Buffer Overflow - CVE-2013-4973
Real Media Player versions prior to version 18.104.22.168 are vulnerable to a stack buffer overflow when provided with a specially crafted .rmp file. When executed, it may allow a remote unauthenticated attacker to run arbitrary code in the context of the logged in user.
A remote unauthenticated attacker may obtain sensitive information, cause a denial of service condition, or execute arbitrary code with the privileges of the application..
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|RealNetworks, Inc.||Affected||07 Feb 2013||26 Aug 2013|
CVSS Metrics (Learn More)
Thanks to hamburgers maccoy for reporting this vulnerability.
This document was written by Chris King.
- CVE IDs: CVE-2013-4973
- Date Public: 23 Aug 2013
- Date First Published: 26 Aug 2013
- Date Last Updated: 26 Aug 2013
- Document Revision: 23
If you have feedback, comments, or additional information about this vulnerability, please send us email.