Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:F139377CFA4FD0DA72C85AD8185F9BFC
HistoryJan 07, 2013 - 12:00 a.m.

RealPlayer InternetShortcut URL property buffer overflow

2013-01-0700:00:00
SAINT Corporation
my.saintcorporation.com
34

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.817 High

EPSS

Percentile

98.4%

JSON

Added: 01/07/2013
CVE: CVE-2012-5691
BID: 56956
OSVDB: 88486

Background

RealPlayer is a media player application which can play back various multimedia file formats.

Problem

A buffer overflow vulnerability in the **GetPrivateProfileString** function allows command execution when a user opens a RealMedia file containing a specially crafted URL property in the InternetShortcut section.

Resolution

Upgrade to RealPlayer 16.0.0.282 or higher.

References

<http://service.real.com/realplayer/security/12142012_player/en/&gt;

Limitations

Exploit works on RealPlayer 15.0.6.14 on Windows XP SP3 English (DEP OptIn) and requires a user to download the exploit file and drag it into RealPlayer.

Platforms

Windows

Related

saint 3
cvelist 1
packetstorm 1
nvd 1
prion 1
cve 1
checkpoint_advisories 1
openvas 2
nessus 2
saint
saint
RealPlayer InternetShortcut URL property buffer overflow
2013-01-07 00:00:00
RealPlayer InternetShortcut URL property buffer overflow
2013-01-07 00:00:00
RealPlayer InternetShortcut URL property buffer overflow
2013-01-07 00:00:00
cvelist
cvelist
CVE-2012-5691
2022-10-03 16:15:29
packetstorm
packetstorm
RealPlayer RealMedia File Handling Buffer Overflow
2012-12-28 00:00:00
nvd
nvd
CVE-2012-5691
2012-12-19 11:55:56
prion
prion
Buffer overflow
2012-12-19 11:55:00
cve
cve
CVE-2012-5691
2022-10-03 16:15:29
checkpoint_advisories
checkpoint_advisories
RealNetworks RealPlayer URL Parsing Stack Buffer Overflow (CVE-2012-5691)
2013-03-03 00:00:00
openvas
openvas
RealNetworks RealPlayer Code Execution Vulnerabilities - Dec12 (Windows)
2012-12-25 00:00:00
RealNetworks RealPlayer Code Execution Vulnerabilities (Dec 2012) - Windows
2012-12-25 00:00:00
nessus
nessus
RealPlayer for Windows < 16.0.0.282 Multiple Vulnerabilities
2012-12-18 00:00:00
Real Networks RealPlayer < 16.0.0.282 Multiple Vulnerabilities
2013-01-03 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.817 High

EPSS

Percentile

98.4%

JSON
Related for SAINT:F139377CFA4FD0DA72C85AD8185F9BFC
saint3cvelist1packetstorm1nvd1prion1cve1checkpoint_advisories1openvas2nessus2