FKIE_CVE-2013-7260

Vulnerability from fkie_nvd - Published: 2014-01-03 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.
References
cve@mitre.orghttp://service.real.com/realplayer/security/12202013_player/en/Vendor Advisory
cve@mitre.orghttp://www.exploit-db.com/exploits/30468/
cve@mitre.orghttp://www.kb.cert.org/vuls/id/698278US Government Resource
cve@mitre.orghttp://www.securityfocus.com/bid/64695
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/90160
af854a3a-2127-422b-91ae-364da2661108http://service.real.com/realplayer/security/12202013_player/en/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/30468/
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/698278US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/64695
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/90160
Impacted products
Vendor Product Version
realnetworks realplayer *
realnetworks realplayer 2.1.2
realnetworks realplayer 2.1.3
realnetworks realplayer 2.1.4
realnetworks realplayer 4
realnetworks realplayer 5
realnetworks realplayer 6
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 10.0
realnetworks realplayer 10.5
realnetworks realplayer 11.0
realnetworks realplayer 11.0.1
realnetworks realplayer 11.0.2
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer 11.0.5
realnetworks realplayer 11.1
realnetworks realplayer 11.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.0
realnetworks realplayer 14.0.1
realnetworks realplayer 14.0.1.609
realnetworks realplayer 14.0.2
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.4
realnetworks realplayer 14.0.5
realnetworks realplayer 15.0.0
realnetworks realplayer 15.0.4
realnetworks realplayer 15.0.4.43
realnetworks realplayer 15.0.5.109
realnetworks realplayer 15.0.6.14
realnetworks realplayer 15.02.71
realnetworks realplayer 16.0.0
realnetworks realplayer 16.0.0.282
realnetworks realplayer 16.0.1.18
realnetworks realplayer 16.0.2.32
realnetworks realplayer 16.0.3.51
realnetworks realplayer 10.0
realnetworks realplayer 10.0
realnetworks realplayer 10.0
realnetworks realplayer 10.1
realnetworks realplayer 10.1
realnetworks realplayer 10.1
realnetworks realplayer 12.0.0.1701
realnetworks realplayer 12.0.1.1737
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB32A02A-01A1-4F23-9055-F1CBAFE68D1E",
              "versionEndIncluding": "17.0.4.60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "1E2BC096-43B6-4696-8467-CC3D0163EFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3A29D4B9-DD00-43F6-ACEA-B830FDFC1E5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:2.1.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "320D3DA6-DD8C-4423-84E5-55906D47BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8374739F-8F46-4B07-9432-4A38BCC3E836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871CD3B2-ABAE-4B9E-89AE-FB6848D7A696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "111E5B3F-513E-4BEE-8B32-7A9404F97C13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E0301EF-960C-475F-A2A0-5410CA17CBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A155A338-93F2-4D58-B825-E2D3F88C3C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*",
              "matchCriteriaId": "381DD10A-3459-40BD-88DB-2CC0BCA63F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2.2315:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8FC5594-3C28-417F-B621-C29E3E2D60D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D03738C3-D659-488D-B285-64A496C0F1FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEF2C4FD-DAB6-4D38-9B30-C51CC17444D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11_build_6.0.14.748:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A1E94D-E25C-4888-9FDE-207FEC5FD370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:12.0.0.1444:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E454E6F-6229-4538-8B64-B16FA1F97F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:12.0.0.1548:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A25BC2-1677-43A4-92CA-A971109DE08F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E70D263C-820C-4399-9215-D69082024287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F6486B4-AEDB-428C-9F10-A494681577D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:14.0.1.609:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7AA21F1-EB31-4D62-B43C-FE8887AA6D48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:14.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D825DDF3-5D19-403E-8990-58521314E99B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27B4A01C-B07A-4879-926B-8C5F272F5662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:14.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9EA3EBA-DDB3-4C2E-BC78-9225E4D65C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:14.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FEB9795-829C-4F2A-A796-EF0025E993F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E075E2D6-FE35-4310-8456-4DFAEF55F071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:15.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF1FADAC-B763-410E-B8B3-FEC5BCB78912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:15.0.4.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "909306C9-D58F-40CF-9729-3B2ECC672203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:15.0.5.109:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B9B74FB-2236-402E-9999-C12F110C7621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:15.0.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EC7F73-8C89-458C-954A-2A4F421DD1D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:15.02.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "671ACD3D-6B00-4BE1-80B1-BAAAEBFD22A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:16.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7AA87DB-F397-41B9-AEDA-268E0C427D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:16.0.0.282:*:*:*:*:*:*:*",
              "matchCriteriaId": "18B552F0-6997-48FF-BDCA-713F179D2CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:16.0.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A41C801F-BC97-49C8-8AD9-85836BB3FC92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:16.0.2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A5620A0-8DAF-4FE6-8955-FA4B96ACF955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:16.0.3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "2652FC78-519C-4340-9DA9-74B83B4D20BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.305:mac:*:*:*:*:*",
              "matchCriteriaId": "995983E3-6968-4071-A3E7-BC84800894C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.331:mac:*:*:*:*:*",
              "matchCriteriaId": "1D5A55EF-BFC7-4703-B115-910DC8338733",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.352:mac:*:*:*:*:*",
              "matchCriteriaId": "A4FE917E-31A3-4065-B723-FACECEB1BEB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0._481:mac:*:*:*:*:*",
              "matchCriteriaId": "1311A415-4CBB-44BA-A014-FCC2BBFF6D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.396:mac:*:*:*:*:*",
              "matchCriteriaId": "84E4F874-E9A5-40F1-82CF-5C2E4749DF6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.412:mac:*:*:*:*:*",
              "matchCriteriaId": "EBC0DDE6-356C-4EE7-83E1-7EF5A0C5A751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:12.0.0.1701:*:mac:*:*:*:*:*",
              "matchCriteriaId": "299B9493-5498-4480-AD8C-EA7F0311CAD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:12.0.1.1737:-:-:*:-:macos:*:*",
              "matchCriteriaId": "D73719D9-216A-48B5-B959-0C7331EDB4EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de buffer basados en pila en RealNetworks RealPlayer anteriores a 17.0.4.61 en Windows, y Mac RealPlayer anteriores a 12.0.1.1738, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) un n\u00famero de versi\u00f3n largo o (2) una declaraci\u00f3n de codificaci\u00f3n larga en la declaraci\u00f3n XML de un fichero RMP, un problema distinto al CVE-2013-6877."
    }
  ],
  "id": "CVE-2013-7260",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-03T20:55:06.383",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/realplayer/security/12202013_player/en/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/30468/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/698278"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/64695"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/realplayer/security/12202013_player/en/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/30468/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/698278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/64695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90160"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.