Vulnerability Details : CVE-2012-5691

Exploit prediction scoring system (EPSS) score for CVE-2012-5691

Metasploit modules for CVE-2012-5691

• RealPlayer RealMedia File Handling Buffer Overflow

  Disclosure Date : 2012-12-14

  exploit/windows/fileformat/real_player_url_property_bof

  This module exploits a stack based buffer overflow on RealPlayer <=15.0.6.14. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109. Authors: - suto <[email protected]>

  More information

CVSS scores for CVE-2012-5691

CWE ids for CVE-2012-5691

• CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
  The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
  Assigned by: [email protected] (Primary)

References for CVE-2012-5691

Products affected by CVE-2012-5691