CVE-2014-3444

Published: May 20, 2014Modified: May 6, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.

Affected (5)

Products: Realnetworks: Realplayer

Realnetworks

1 product

Realplayer

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Realplayer	Up to 16.0.3.51
Realnetworks Realplayer	Version 16.0.0.282
Realnetworks Realplayer	Version 16.0.0
Realnetworks Realplayer	Version 16.0.1.18
Realnetworks Realplayer	Version 16.0.2.32

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

http://packetstormsecurity.com/files/126637

Source: cve@mitre.org

Exploit

http://packetstormsecurity.com/files/126637

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.