Vulnerability Note VU#698278
RealPlayer version 18.104.22.168 contains a buffer overflow vulnerability
RealPlayer version 22.214.171.124 and possibly earlier versions contain a stack-based buffer overflow vulnerability (CWE-121).
CWE-121: Stack-based Buffer Overflow
RealPlayer version 126.96.36.199 and possibly earlier versions contain a stack-based buffer overflow vulnerability. The .RMP file format is similar to standard XML encoding. An attacker can place malicious code in the value of the version or the encoding attributes inside the XML declaration to craft a malicious .RMP file. Once the file is opened by the victim, the program may crash or allow execution of code.
A remote unauthenticated attacker may be able to trick a user into opening a malicious .RMP file which may cause a denial-of-service condition or lead to arbitrary code execution.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|RealNetworks, Inc.||Affected||16 Oct 2013||30 Dec 2013|
|CVE Request||Unknown||10 Jan 2014||10 Jan 2014|
CVSS Metrics (Learn More)
Thanks to Gabor Seljan for reporting this vulnerability.
This document was written by Adam Rauf.
- CVE IDs: CVE-2013-7260
- Date Public: 20 Dec 2013
- Date First Published: 30 Dec 2013
- Date Last Updated: 10 Jan 2014
- Document Revision: 30
If you have feedback, comments, or additional information about this vulnerability, please send us email.