Vulnerability Details : CVE-2013-7260
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.
Vulnerability category: OverflowExecute code
At least one public exploit which can be used to exploit this vulnerability exists!
Exploit prediction scoring system (EPSS) score for CVE-2013-7260
Probability of exploitation activity in the next 30 days: 96.74%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2013-7260
-
RealNetworks RealPlayer Version Attribute Buffer Overflow
Disclosure Date: 2013-12-20First seen: 2020-04-26exploit/windows/fileformat/realplayer_ver_attribute_bofThis module exploits a stack-based buffer overflow vulnerability in version 16.0.3.51 and 16.0.2.32 of RealNetworks RealPlayer, caused by improper bounds checking of the version and encoding attributes inside the XML declaration. By persuading the victim to
CVSS scores for CVE-2013-7260
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
nvd@nist.gov |
CWE ids for CVE-2013-7260
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7260
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90160
Real Networks RealPlayer XML buffer overflow CVE-2013-7260 Vulnerability Report
-
http://www.exploit-db.com/exploits/30468/
RealNetworks RealPlayer 16.0.3.51/16.0.2.32 - '.rmp' Version Attribute Buffer Overflow - Windows local Exploit
-
http://www.kb.cert.org/vuls/id/698278
VU#698278 - RealPlayer version 16.0.3.51 contains a buffer overflow vulnerabilityUS Government Resource
-
http://www.securityfocus.com/bid/64695
RealPlayer 'RMP' File Processing Remote Stack Buffer Overflow Vulnerability
-
http://service.real.com/realplayer/security/12202013_player/en/
RealPlayer and RealTimes Official Homepage – Real.comVendor Advisory
Products affected by CVE-2013-7260
- cpe:2.3:a:realnetworks:realplayer:*:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.352:mac:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.305:mac:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.331:mac:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.396:mac:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.412:mac:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0._481:mac:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:11_build_6.0.14.748:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:12.0.0.1444:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:2.1.4:*:enterprise:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:14.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:14.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:14.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:14.0.1.609:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:12.0.0.1548:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:8:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:11.0.2.2315:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:11.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:7:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:6:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:5:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:4:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:15.02.71:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:12.0.0.1701:*:mac:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:15.0.5.109:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:15.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:15.0.4.43:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:15.0.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:16.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:16.0.0.282:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:16.0.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:16.0.2.32:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:16.0.3.51:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:12.0.1.1737:-:-:*:-:macos:*:*