CVE-2014-3444
Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Improper Control of Generation of Code ('Code Injection') The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 39182
Publication date : 2014-05-15 22h00 +00:00
Author : Aryan Bayaninejad
EDB Verified : Yes
source: https://www.securityfocus.com/bid/67434/info
RealPlayer is prone to a memory-corruption vulnerability.
An attacker can leverage this issue to crash the affected application, causing a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.
Realplayer 16.0.3.51 is vulnerable; other versions may also be affected.
# Exploit Title: [Realplayer memory corruption in latest Version 16.0.3.51 ]
# Date: [2014/05/13]
# Exploit Author: [Aryan Bayaninejad]
# Linkedin : [https://www.linkedin.com/profile/view?id=276969082]
# Vendor Homepage: [www.real.com]
# Software Link: [
http://www.filehippo.com/download_realplayer/download/9b931239de41b8dce664656f25e1c28b/
]
# Version: [Version 16.0.3.51 and prior to that]
# Tested on: [Windows Xp Sp 3 x86, Windows 7 Sp1 x86]
# CVE : [CVE-2014-3444]
details:
Realplayer latest version 16.0.3.51 suffers from an memory corruption
Products Mentioned
Configuraton 0
Realnetworks>>Realplayer >> Version To (including) 16.0.3.51
- Realnetworks>>Realplayer >> Version - (Open CPE detail)
- Realnetworks>>Realplayer >> Version - (Open CPE detail)
- Realnetworks>>Realplayer >> Version 2.1.2 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 2.1.3 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 2.1.4 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 4 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 5 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 6 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 7 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 8 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 8.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 8.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 8.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 10.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 10.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 10.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 10.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 10.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 10.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 10.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 10.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 10.0.6 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 10.0_6.0.12.690 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 10.5 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 10.5_6.0.12.1016 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 10.5_6.0.12.1040 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 11.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 11.0.1 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 11.0.2 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 11.0.2.1744 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 11.0.2.2315 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 11.0.3 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 11.0.4 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 11.0.5 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 11.1 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 11.1.3 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 11_build_6.0.14.748 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 12.0.0.1444 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 12.0.0.1548 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 12.0.1.1737 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 12.0.1.1737 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 12.0.1.1738 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 12.0.1.1738 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 14.0.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 14.0.1 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 14.0.1.609 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 14.0.2 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 14.0.3 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 14.0.4 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 14.0.5 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 15.0.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 15.0.4 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 15.0.4.43 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 15.0.5.109 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 15.0.6.14 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 15.02.71 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 16.0.0 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 16.0.0.282 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 16.0.1.18 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 16.0.2.32 (Open CPE detail)
- Realnetworks>>Realplayer >> Version 16.0.3.51 (Open CPE detail)
Realnetworks>>Realplayer >> Version 16.0.0
- Realnetworks>>Realplayer >> Version 16.0.0 (Open CPE detail)
Realnetworks>>Realplayer >> Version 16.0.0.282
- Realnetworks>>Realplayer >> Version 16.0.0.282 (Open CPE detail)
Realnetworks>>Realplayer >> Version 16.0.1.18
- Realnetworks>>Realplayer >> Version 16.0.1.18 (Open CPE detail)
Realnetworks>>Realplayer >> Version 16.0.2.32
- Realnetworks>>Realplayer >> Version 16.0.2.32 (Open CPE detail)
References
2025©
tesweb SA
