CVE-2013-7260

RealNetworks RealPlayer <17.0.4.61 - Windows/Mac - Buffer Overflow

Title source: llm

Description

Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.

Exploits (2)

metasploit WORKING POC NORMAL

by Gabor Seljan · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/realplayer_ver_attribute_bof.rb

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Gabor Seljan · perllocalwindows

https://www.exploit-db.com/exploits/30468

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://service.real.com/realplayer/security/12202013_player/en/

[US Government Resource] http://www.kb.cert.org/vuls/id/698278

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90160

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/64695

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/30468/

Scores

EPSS 0.7934

EPSS Percentile 99.1%

Classification

CWE

CWE-119

Status draft

Affected Products (50)

realnetworks/realplayer < 17.0.4.60

realnetworks/realplayer

realnetworks/realplayer

realnetworks/realplayer

realnetworks/realplayer

realnetworks/realplayer

realnetworks/realplayer

realnetworks/realplayer

realnetworks/realplayer

realnetworks/realplayer

realnetworks/realplayer

realnetworks/realplayer

realnetworks/realplayer

realnetworks/realplayer

realnetworks/realplayer

... and 35 more

Timeline

Published Jan 03, 2014

Tracked Since Feb 18, 2026