CVE-2007-6235

RealNetworks RealPlayer 11 - Denial of Service via Malformed .au File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6235. PoCs published by NtWaK0.

AI-analyzed exploit summary This exploit generates a malformed .au file that triggers a Denial of Service (DoS) in RealPlayer 11 when opened. The payload consists of a crafted header designed to crash the application.

Description

A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904.

Exploits (1)

exploitdb WORKING POC VERIFIED

by NtWaK0 · pythondoswindows

https://www.exploit-db.com/exploits/4683

View Code ZIP pw:eip

This exploit generates a malformed .au file that triggers a Denial of Service (DoS) in RealPlayer 11 when opened. The payload consists of a crafted header designed to crash the application.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: RealPlayer 11

No auth needed

Prerequisites: Ability to deliver the malicious .au file to the target

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/484449/100/0/threaded

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4683

URL Repurposed x_refsource_misc

http://www.safehack.com/Advisory/realpdos_au.txt

Scores

EPSS 0.0278

EPSS Percentile 84.6%

Details

CWE

CWE-20

Status published

Products (1)

realnetworks/realplayer 11

Published Dec 04, 2007

Tracked Since Feb 18, 2026