CVE-2012-4987

RealNetworks RealPlayer <15.0.5.109 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP file that triggers incorrect processing of long pathnames by the Watch Folders feature.

References (6)

[Various Sources] http://www.reactionpenetrationtesting.co.uk/realplayer-watchfolders.html

[Exploit, Third Party Advisory] http://packetstormsecurity.org/files/117691/Realplayer-Watchfolders-Long-Filepath-Overflow.html

[Mailing List] http://seclists.org/fulldisclosure/2012/Oct/189

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/79663

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/56324

[Third Party Advisory, VDB Entry] http://osvdb.org/86721

Scores

EPSS 0.0401

EPSS Percentile 88.2%

Classification

CWE

CWE-119

Status draft

Affected Products (1)

realnetworks/realplayer

Timeline

Published Nov 04, 2012

Tracked Since Feb 18, 2026