CVE-2013-6877

Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260.

Published: Dec 19, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-6877
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
realnetworks / realplayer	16.0.2.32	16.0.2.32.x
realnetworks / realplayer	16.0.3.51	16.0.3.51.x

http://archives.neohapsis.com/archives/bugtraq/2013-12/0104.html
http://packetstormsecurity.com/files/124535
http://service.real.com/realplayer/security/12202013_player/en/
http://www.coresecurity.com/advisories/realplayer-heap-based-buffer-overflow-vulnerability
http://www.securityfocus.com/bid/64398

Vulnerability Database

289,784

CVE-2013-6877