PT-2012-6081 · Realnetworks · Realplayer Sp+1

Published

2012-12-19

Updated

2012-12-19

CVE-2012-5690

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RealPlayer versions prior to 16.0.0.282 RealPlayer SP versions 1.0 through 1.1.5

Description The issue allows remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer.

Recommendations For RealPlayer versions prior to 16.0.0.282, update to version 16.0.0.282 or later. For RealPlayer SP versions 1.0 through 1.1.5, consider upgrading to a version outside of this range as a temporary workaround, until a patch is available.

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2012-5690

Affected Products

Realplayer

Realplayer Sp

PT-2012-6081 · Realnetworks · Realplayer Sp+1

CVE-2012-5690

Weakness Enumeration

Related Identifiers

Affected Products

References · 2