CVE-2000-0280

RealPlayer 6 and 7 - Denial of Service via Long Location URL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0280. PoCs published by Adam Muntner.

AI-analyzed exploit summary The code describes a buffer overflow vulnerability in RealPlayer versions 6.0 and 7.0, where a URL with over 300 characters in the 'location' field can crash the application or potentially execute arbitrary code. The vulnerability can be exploited remotely via an HTML file with 'autostart' set to 'true'.

Description

Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Adam Muntner · textdoswindows
https://www.exploit-db.com/exploits/19834

The code describes a buffer overflow vulnerability in RealPlayer versions 6.0 and 7.0, where a URL with over 300 characters in the 'location' field can crash the application or potentially execute arbitrary code. The vulnerability can be exploited remotely via an HTML file with 'autostart' set to 'true'.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: RealPlayer 6.0, 7.0
No auth needed
Prerequisites: A vulnerable version of RealPlayer · Ability to deliver a malicious URL to the target
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-04/0018.html
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1088

Scores

EPSS 0.0459
EPSS Percentile 90.5%

Details

Status published
Products (2)
realnetworks/realplayer 6.0
realnetworks/realplayer 7.0
Published Apr 03, 2000
Tracked Since Feb 18, 2026