CVE-2012-2407
high
CVSS v3
—
CVSS v2
7.5
VIR risk
7.5
Description
Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted AAC file that is not properly handled during stream-data unpacking.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://service.real.com/realplayer/security/09072012_player/en/
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| realnetworks | realplayer | {"endIncluding":"15.0.5.109"} | |
| realnetworks | realplayer | 2.1.2 | |
| realnetworks | realplayer | 2.1.3 | |
| realnetworks | realplayer | 2.1.4 | |
| realnetworks | realplayer | 4 | |
| realnetworks | realplayer | 5 | |
| realnetworks | realplayer | 6 | |
| realnetworks | realplayer | 7 | |
| realnetworks | realplayer | 8 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 11.0 | |
| realnetworks | realplayer | 11.0.1 | |
| realnetworks | realplayer | 11.0.2 | |
| realnetworks | realplayer | 11.0.2.1744 | |
| realnetworks | realplayer | 11.0.2.2315 | |
| realnetworks | realplayer | 11.0.3 | |
| realnetworks | realplayer | 11.0.4 | |
| realnetworks | realplayer | 11.0.5 | |
| realnetworks | realplayer | 11.1 | |
| realnetworks | realplayer | 11.1.3 | |
| realnetworks | realplayer | 11_build_6.0.14.748 | |
| realnetworks | realplayer | 12.0.0.1444 | |
| realnetworks | realplayer | 12.0.0.1548 | |
| realnetworks | realplayer | 14.0.0 | |
| realnetworks | realplayer | 14.0.1 | |
| realnetworks | realplayer | 14.0.1.609 | |
| realnetworks | realplayer | 14.0.2 | |
| realnetworks | realplayer | 14.0.3 | |
| realnetworks | realplayer | 14.0.4 | |
| realnetworks | realplayer | 14.0.5 | |
| realnetworks | realplayer | 15.0.2.72 | |
| realnetworks | realplayer | 15.0.3.37 | |
| realnetworks | realplayer_sp | 1.0.0 | |
| realnetworks | realplayer_sp | 1.0.1 | |
| realnetworks | realplayer_sp | 1.0.2 | |
| realnetworks | realplayer_sp | 1.0.5 | |
| realnetworks | realplayer_sp | 1.1 | |
| realnetworks | realplayer_sp | 1.1.1 | |
| realnetworks | realplayer_sp | 1.1.2 | |
| realnetworks | realplayer_sp | 1.1.3 | |
| realnetworks | realplayer_sp | 1.1.4 | |
| realnetworks | realplayer_sp | 1.1.5 | |
| realnetworks | realplayer | 12.0.0.1701 | |
References
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.