PT-2025-33085 · Realnetworks · Netzip Classic
Published
2025-08-13
·
Updated
2025-08-14
·
CVE-2011-10016
CVSS v4.0
9.3
Critical
| Vector | AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
Real Networks Netzip Classic version 7.5.1.86
Description:
Real Networks Netzip Classic version 7.5.1.86 is susceptible to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The issue occurs when the application attempts to process a file name within the archive that exceeds the expected buffer size. Successful exploitation allows for arbitrary code execution in the context of the victim user upon opening the ZIP file.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netzip Classic