CVE-2007-4904

RealPlayer 10.1.0.3114 and earlier and Helix Player 1.0.6.778 - Denial of Service via Malformed .au File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4904.

AI-analyzed exploit summary This exploit generates a malformed .au file that triggers a denial-of-service (DoS) condition in RealPlayer 11 when opened. The payload consists of a crafted header with specific byte sequences designed to crash the application.

Description

RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.

Exploits (1)

exploitdb WORKING POC
pythondoswindows
https://www.exploit-db.com/exploits/4683

This exploit generates a malformed .au file that triggers a denial-of-service (DoS) condition in RealPlayer 11 when opened. The payload consists of a crafted header with specific byte sequences designed to crash the application.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: RealPlayer 11
No auth needed
Prerequisites: Ability to deliver the malicious .au file to the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36545
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/479081/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25627
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0154.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/39904

Scores

EPSS 0.0279
EPSS Percentile 84.5%

Details

CWE
CWE-189
Status published
Products (5)
realnetworks/helix_player 1.0.6
realnetworks/realplayer 10.0.8
realnetworks/realplayer 10.0.9
realnetworks/realplayer 10.1
realnetworks/realplayer 10.5-gold
Published Sep 17, 2007
Tracked Since Feb 18, 2026