{"vuid":"VU#246524","idnumber":"246524","name":"Real Media Player filename handler stack buffer overflow vulnerability","keywords":["real","real media player","rmp","buffer overflow","cwe-121"],"overview":"Real Media Player fails to parse filenames correctly, which may allow a remote, unauthenticated attacker to execute arbitrary code in the context of the logged in user.","clean_desc":"CWE-121: Stack-based Buffer Overflow - CVE-2013-4973\nReal Media Player versions prior to version 16.0.3.51 are vulnerable to a stack buffer overflow when provided with a specially crafted .rmp file. When executed, it may allow a remote unauthenticated attacker to run arbitrary code in the context of the logged in user.","impact":"A remote unauthenticated attacker may obtain sensitive information, cause a denial of service condition, or execute arbitrary code with the privileges of the application.","resolution":"Apply an Update\nRealNetworks has provided an update to this application, RealPlayer 16.0.3.51. Users are advised to apply the update.","workarounds":"","sysaffected":"","thanks":"Thanks to hamburgers maccoy for reporting this vulnerability.","author":"This document was written by Chris King.","public":["http://service.real.com/realplayer/security/en/","http://cwe.mitre.org/data/definitions/121.html"],"cveids":["CVE-2013-4973"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-01-29T15:17:40Z","publicdate":"2013-08-23T00:00:00Z","datefirstpublished":"2013-08-26T13:38:54Z","dateupdated":"2013-08-26T13:38:57Z","revision":24,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"H","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"L","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"3.7","cvss_basevector":"AV:L/AC:H/Au:N/C:P/I:P/A:P","cvss_temporalscore":"2.9","cvss_environmentalscore":"0.9","cvss_environmentalvector":"CDP:L/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}