CVE-2013-3299

RealNetworks RealPlayer <16.0.2.32 - DoS

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3299. PoCs published by Akshaysinh Vaghela.

AI-analyzed exploit summary: This exploit leverages a JavaScript-based denial-of-service vulnerability in RealPlayer by recursively expanding a buffer to consume excessive CPU resources. The PoC demonstrates the flaw by repeatedly concatenating a string until system resources are exhausted.

Description

RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Akshaysinh Vaghela · html · dos · multiple
https://www.exploit-db.com/exploits/38623

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: RealNetworks RealPlayer 16.0.2.32 and prior
No auth needed
Prerequisites: Victim must open the malicious HTML file in a vulnerable version of RealPlayer
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Mailing List (mailing-list, x_refsource_bugtraq): http://seclists.org/bugtraq/2013/Jul/18

Scores

EPSS 0.0223
EPSS Percentile 80.4%

Details

CWE: CWE-20
Status: published
Products (39)
realnetworks/realplayer 4
realnetworks/realplayer 5
realnetworks/realplayer 6
realnetworks/realplayer 7
realnetworks/realplayer 8
realnetworks/realplayer 10.0
realnetworks/realplayer 10.5
realnetworks/realplayer 11.0
realnetworks/realplayer 11.0.1
realnetworks/realplayer 11.0.2
... and 29 more
Published Jul 06, 2013
Tracked Since Feb 18, 2026