CVE-2011-10016
9.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds the expected buffer size. Exploitation allows arbitrary code execution under the context of the victim user when the ZIP file is opened.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| RealNetworks Inc. | Netzip Classic | 7.5.1.86 | affected |
Weaknesses
- CWE-121: CWE-121 Stack-based Buffer Overflow
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/real_networks_netzip_bof.rb
- https://www.exploit-db.com/exploits/16083
- https://www.exploit-db.com/exploits/17985
- https://www.softpedia.com/get/Compression-tools/NetZip-Classic.shtml
- https://www.vulncheck.com/advisories/real-networks-netzip-classic-file-parsing-buffer-overflow
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.