CVE-2012-0928

RealNetworks RealPlayer <14.0.7 - RCE

Title source: llm

Description

The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://service.real.com/realplayer/security/02062012_player/en/

Scores

EPSS 0.0213

EPSS Percentile 84.4%

Details

CWE

CWE-94

Status published

Products (33)

realnetworks/realplayer 14.0.0

realnetworks/realplayer 14.0.1

realnetworks/realplayer 14.0.1.609

realnetworks/realplayer 14.0.1.633

realnetworks/realplayer 14.0.2

realnetworks/realplayer 14.0.3

realnetworks/realplayer 14.0.4

realnetworks/realplayer 14.0.5

realnetworks/realplayer 14.0.6

realnetworks/realplayer 14.0.7

... and 23 more

Published Feb 08, 2012

Tracked Since Feb 18, 2026