CVE-2012-1904

RealPlayer < 15.0.0 - Denial of Service via Crafted MP4 File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1904. PoCs published by Senator of Pirates.

AI-analyzed exploit summary This exploit targets a memory corruption vulnerability in RealPlayer's MP4 file handling. The PoC provides a malformed MP4 file that triggers a crash due to improper bounds checking in the `mp4fformat.dll` module.

Description

mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file.

Exploits (1)

exploitdb WORKING POC
by Senator of Pirates · textdoswindows
https://www.exploit-db.com/exploits/18661

This exploit targets a memory corruption vulnerability in RealPlayer's MP4 file handling. The PoC provides a malformed MP4 file that triggers a crash due to improper bounds checking in the `mp4fformat.dll` module.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: RealPlayer <= SP 1.1.4 (Build 12.0.0.756) and <= v15
No auth needed
Prerequisites: Victim must open the malformed MP4 file in RealPlayer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49193
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027076

Scores

EPSS 0.0479
EPSS Percentile 90.8%

Details

CWE
CWE-119
Status published
Products (37)
realnetworks/realplayer 4
realnetworks/realplayer 5
realnetworks/realplayer 6
realnetworks/realplayer 7
realnetworks/realplayer 8
realnetworks/realplayer 10.0
realnetworks/realplayer 10.5
realnetworks/realplayer 11.0
realnetworks/realplayer 11.0.1
realnetworks/realplayer 11.0.2
... and 27 more
Published Mar 28, 2012
Tracked Since Feb 18, 2026