CVE-2013-7260

Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
realnetworksrealplayer
𝑥
≤ 17.0.4.60
realnetworksrealplayer
2.1.2
realnetworksrealplayer
2.1.3
realnetworksrealplayer
2.1.4
realnetworksrealplayer
10.0
realnetworksrealplayer
10.5
realnetworksrealplayer
11.0
realnetworksrealplayer
11.0.1
realnetworksrealplayer
11.0.2
realnetworksrealplayer
11.0.2.1744
realnetworksrealplayer
11.0.2.2315
realnetworksrealplayer
11.0.3
realnetworksrealplayer
11.0.4
realnetworksrealplayer
11.0.5
realnetworksrealplayer
11.1
realnetworksrealplayer
11.1.3
realnetworksrealplayer
11_build_6.0.14.748:_build_6.0
realnetworksrealplayer
12.0.0.1444
realnetworksrealplayer
12.0.0.1548
realnetworksrealplayer
14.0.0
realnetworksrealplayer
14.0.1
realnetworksrealplayer
14.0.1.609
realnetworksrealplayer
14.0.2
realnetworksrealplayer
14.0.3
realnetworksrealplayer
14.0.4
realnetworksrealplayer
14.0.5
realnetworksrealplayer
15.0.0
realnetworksrealplayer
15.0.4
realnetworksrealplayer
15.0.4.43
realnetworksrealplayer
15.0.5.109
realnetworksrealplayer
15.0.6.14
realnetworksrealplayer
15.02.71
realnetworksrealplayer
16.0.0
realnetworksrealplayer
16.0.0.282
realnetworksrealplayer
16.0.1.18
realnetworksrealplayer
16.0.2.32
realnetworksrealplayer
16.0.3.51
realnetworksrealplayer
10.0:10.0.0.305
realnetworksrealplayer
10.0:10.0.0.331
realnetworksrealplayer
10.0:10.0.0.352
realnetworksrealplayer
10.1:10.0.0._481
realnetworksrealplayer
10.1:10.0.0.396
realnetworksrealplayer
10.1:10.0.0.412
realnetworksrealplayer
12.0.0.1701
realnetworksrealplayer
12.0.1.1737
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://service.real.com/realplayer/security/12202013_player/en/
http://www.exploit-db.com/exploits/30468/
http://www.kb.cert.org/vuls/id/698278
http://www.securityfocus.com/bid/64695
https://exchange.xforce.ibmcloud.com/vulnerabilities/90160
http://service.real.com/realplayer/security/12202013_player/en/
http://www.exploit-db.com/exploits/30468/
http://www.kb.cert.org/vuls/id/698278
http://www.securityfocus.com/bid/64695
https://exchange.xforce.ibmcloud.com/vulnerabilities/90160