CVE-2012-0928

The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
realnetworksrealplayer
14.0.0
realnetworksrealplayer
14.0.1
realnetworksrealplayer
14.0.1.609
realnetworksrealplayer
14.0.1.633
realnetworksrealplayer
14.0.2
realnetworksrealplayer
14.0.3
realnetworksrealplayer
14.0.4
realnetworksrealplayer
14.0.5
realnetworksrealplayer
14.0.6
realnetworksrealplayer
14.0.7
realnetworksrealplayer
11.0
realnetworksrealplayer
11.0.1
realnetworksrealplayer
11.0.2
realnetworksrealplayer
11.0.2.1744
realnetworksrealplayer
11.0.2.2315
realnetworksrealplayer
11.0.3
realnetworksrealplayer
11.0.4
realnetworksrealplayer
11.0.5
realnetworksrealplayer
11.1
realnetworksrealplayer
11.1.3
realnetworksrealplayer
11_build_6.0.14.748:_build_6.0
realnetworksrealplayer_sp
1.0.0
realnetworksrealplayer_sp
1.0.1
realnetworksrealplayer_sp
1.0.2
realnetworksrealplayer_sp
1.0.5
realnetworksrealplayer_sp
1.1
realnetworksrealplayer_sp
1.1.1
realnetworksrealplayer_sp
1.1.2
realnetworksrealplayer_sp
1.1.3
realnetworksrealplayer_sp
1.1.4
realnetworksrealplayer_sp
1.1.5
realnetworksrealplayer
12.0.0.1569
realnetworksrealplayer
12.0.0.1701
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://service.real.com/realplayer/security/02062012_player/en/
http://service.real.com/realplayer/security/02062012_player/en/