CVE-2011-10016

CRITICAL

Real Networks Netzip Classic 7.5.1.86 - Buffer Overflow

Description

Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application processes a file name within the archive that exceeds the expected buffer size. Exploitation allows arbitrary code execution in the context of the victim user when the ZIP file is opened.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/17985
exploitdb WORKING POC VERIFIED
by C4SS!0 G0M3S · ruby · local · windows
https://www.exploit-db.com/exploits/16083
metasploit WORKING POC GOOD
by C4SS!0 G0M3S · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/real_networks_netzip_bof.rb

Scores

CVSS v4 9.3
EPSS 0.0815
EPSS Percentile 92.2%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-121
Status published
Products (1)
RealNetworks Inc./Netzip Classic 7.5.1.86
Published Aug 13, 2025
Tracked Since Feb 18, 2026