VIR Vulnerability Intelligence Relay

CVE-2012-5690

critical
Published 2012-12-19 · Modified 2026-04-29
CVSS v3
CVSS v2
9.3
VIR risk
9.3

Description

RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://service.real.com/realplayer/security/12142012_player/en/

Application impact
VendorProductVersionsFixed
realnetworksrealplayer{"endIncluding":"16.0.0"}
realnetworksrealplayer4
realnetworksrealplayer5
realnetworksrealplayer6
realnetworksrealplayer7
realnetworksrealplayer8
realnetworksrealplayer10.0
realnetworksrealplayer10.5
realnetworksrealplayer11.0
realnetworksrealplayer11.0.1
realnetworksrealplayer11.0.2
realnetworksrealplayer11.0.2.1744
realnetworksrealplayer11.0.2.2315
realnetworksrealplayer11.0.3
realnetworksrealplayer11.0.4
realnetworksrealplayer11.0.5
realnetworksrealplayer11.1
realnetworksrealplayer11.1.3
realnetworksrealplayer11_build_6.0.14.748
realnetworksrealplayer12.0.0.1444
realnetworksrealplayer12.0.0.1548
realnetworksrealplayer14.0.0
realnetworksrealplayer14.0.1
realnetworksrealplayer14.0.1.609
realnetworksrealplayer14.0.2
realnetworksrealplayer14.0.3
realnetworksrealplayer14.0.4
realnetworksrealplayer14.0.5
realnetworksrealplayer15.0.0
realnetworksrealplayer15.0.4
realnetworksrealplayer15.0.4.43
realnetworksrealplayer15.0.5.109
realnetworksrealplayer15.0.6.14
realnetworksrealplayer15.02.71
realnetworksrealplayer_sp1.0.0
realnetworksrealplayer_sp1.0.1
realnetworksrealplayer_sp1.0.2
realnetworksrealplayer_sp1.0.5
realnetworksrealplayer_sp1.1
realnetworksrealplayer_sp1.1.1
realnetworksrealplayer_sp1.1.2
realnetworksrealplayer_sp1.1.3
realnetworksrealplayer_sp1.1.4
realnetworksrealplayer_sp1.1.5

References

CWEs

CWE-94

Verify integrity in audit chain (admin only). AS-IS.