CVE-2007-5601

EXPLOITED

RealPlayer - Stack-based Buffer Overflow in Database Component via Playlist Name

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2007-5601 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Metasploit, anonymous, MC, including a Metasploit module exploits/windows/browser/realplayer_import.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in RealPlayer's ActiveX control via the Import() method. It delivers a payload through a malicious HTML page, triggering arbitrary code execution on vulnerable systems.

Description

Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16497

This Metasploit module exploits a stack buffer overflow in RealPlayer's ActiveX control via the Import() method. It delivers a payload through a malicious HTML page, triggering arbitrary code execution on vulnerable systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: RealOne Player V2 Gold Build 6.0.11.853 and RealPlayer 10.5 Build 6.0.12.1483
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Vulnerable version of RealPlayer installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by anonymous · javascriptremotewindows
https://www.exploit-db.com/exploits/30692

This exploit targets a stack-based buffer overflow in RealPlayer's ActiveX control (CVE-2007-5601) by crafting a malicious payload delivered via JavaScript. It leverages specific return addresses for different RealPlayer versions and languages to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: RealPlayer (versions 6.0.10.x, 6.0.11.x, 6.0.12.x, 6.0.14.x)
No auth needed
Prerequisites: Victim must be using Internet Explorer 6 or 7 on Windows NT 5.x (e.g., Windows 2000, XP) · RealPlayer ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/realplayer_import.rb

This Metasploit module exploits a stack buffer overflow in RealPlayer's ActiveX control via the Import() method, allowing arbitrary code execution. It targets specific versions of RealOne Player and RealPlayer 10.5 by sending an overly long string to trigger the vulnerability.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: RealOne Player V2 Gold Build 6.0.11.853, RealPlayer 10.5 Build 6.0.12.1483
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Target must have vulnerable RealPlayer version installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27248
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/871673
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018843
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3548
Various Sources x_refsource_misc
http://www.infosecblog.org/2007/10/nasa-bans-ie.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26130
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-297A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37280

Scores

EPSS 0.6862
EPSS Percentile 98.6%

Details

VulnCheck KEV 2010-05-01
CWE
CWE-119
Status published
Products (3)
realnetworks/realplayer 10.0
realnetworks/realplayer 10.5
realnetworks/realplayer 11_beta
Published Oct 20, 2007
Tracked Since Feb 18, 2026