Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-7260

Опубликовано: 03 янв. 2014
Источник: nvd
CVSS2: 7.5
EPSS Высокий

Описание

Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:realnetworks:realplayer:*:*:*:*:*:*:*:*
Версия до 17.0.4.60 (включая)
cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:2.1.4:*:enterprise:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:4:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:5:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:6:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:7:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:8:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.2.2315:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.1.3:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11_build_6.0.14.748:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:12.0.0.1444:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:12.0.0.1548:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:14.0.1.609:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:14.0.2:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:14.0.3:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:14.0.4:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:14.0.5:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:15.0.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:15.0.4:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:15.0.4.43:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:15.0.5.109:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:15.0.6.14:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:15.02.71:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:16.0.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:16.0.0.282:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:16.0.1.18:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:16.0.2.32:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:16.0.3.51:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.305:mac:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.331:mac:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.352:mac:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0._481:mac:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.396:mac:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.412:mac:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:12.0.0.1701:*:mac:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:12.0.1.1737:-:-:*:-:macos:*:*

EPSS

Процентиль: 99%
0.78256
Высокий

7.5 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

github логотип

GHSA-vjg2-r394-94r6

github
больше 3 лет назад

Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.

EPSS

Процентиль: 99%
0.78256
Высокий

7.5 High

CVSS2

Дефекты

CWE-119