Lucene search
SAINT CorporationSAINT:2D55402540E7F0A0A61D0CFA975C0220HistoryJan 07, 2013 - 12:00 a.m.
RealPlayer InternetShortcut URL property buffer overflow
2013-01-0700:00:00
SAINT Corporation
download.saintcorporation.com
27
0.817 High
EPSS
Percentile
98.4%
Added: 01/07/2013
CVE: CVE-2012-5691
BID: 56956
OSVDB: 88486
Background
RealPlayer is a media player application which can play back various multimedia file formats.
Problem
A buffer overflow vulnerability in the **GetPrivateProfileString** function allows command execution when a user opens a RealMedia file containing a specially crafted URL property in the InternetShortcut section.
Resolution
Upgrade to RealPlayer 16.0.0.282 or higher.
References
<http://service.real.com/realplayer/security/12142012_player/en/>
Limitations
Exploit works on RealPlayer 15.0.6.14 on Windows XP SP3 English (DEP OptIn) and requires a user to download the exploit file and drag it into RealPlayer.
Platforms
Windows
Related
packetstorm
packetstorm
RealPlayer RealMedia File Handling Buffer Overflow
2012-12-28 00:00:00
nvd
nvd
CVE-2012-5691
2012-12-19 11:55:56
prion
prion
Buffer overflow
2012-12-19 11:55:00
saint
saint
RealPlayer InternetShortcut URL property buffer overflow
2013-01-07 00:00:00
RealPlayer InternetShortcut URL property buffer overflow
2013-01-07 00:00:00
RealPlayer InternetShortcut URL property buffer overflow
2013-01-07 00:00:00
cvelist
cvelist
CVE-2012-5691
2022-10-03 16:15:29
cve
cve
CVE-2012-5691
2022-10-03 16:15:29
checkpoint_advisories
checkpoint_advisories
RealNetworks RealPlayer URL Parsing Stack Buffer Overflow (CVE-2012-5691)
2013-03-03 00:00:00
nessus
nessus
RealPlayer for Windows < 16.0.0.282 Multiple Vulnerabilities
2012-12-18 00:00:00
Real Networks RealPlayer < 16.0.0.282 Multiple Vulnerabilities
2013-01-03 00:00:00
openvas
openvas
RealNetworks RealPlayer Code Execution Vulnerabilities - Dec12 (Windows)
2012-12-25 00:00:00
RealNetworks RealPlayer Code Execution Vulnerabilities (Dec 2012) - Windows
2012-12-25 00:00:00