Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Real Networks NetZip Classic Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in Real Networks NetZip Classic version 7.5.1.86. This vulnerability occurs when the application parses a specially crafted ZIP archive that contains a file name exceeding the expected buffer size. Exploitation of this issue allows for arbitrary code execution under the context of the user opening the ZIP file.
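A triage check for the condition described above, as an added example that is not part of the original advisory or any vendor tooling: it reads the declared file-name length from each ZIP local and central directory header and reports entries whose name is unusually long or runs past the end of the data. The 260-byte limit and the function names are assumptions; the advisory does not state the size of the affected buffer.

```python
import io
import pathlib
import struct
import sys
import zipfile

# Assumed triage threshold (Windows MAX_PATH); the advisory does not state the buffer size.
MAX_NAME_LEN = 260

# (signature, record kind, offset of the 2-byte name-length field, fixed header size)
HEADERS = (
    (b"PK\x03\x04", "local", 26, 30),
    (b"PK\x01\x02", "central", 28, 46),
)

def suspicious_entries(data, limit=MAX_NAME_LEN):
    """Scan raw bytes for ZIP headers and report suspicious declared name lengths.

    Headers are located by signature instead of through a ZIP library, so a
    malformed archive is still inspected. Signature bytes inside file data can
    cause false positives; treat hits as triage leads.
    """
    findings = []
    for sig, kind, len_off, fixed in HEADERS:
        pos = data.find(sig)
        while pos != -1:
            if pos + fixed <= len(data):
                (name_len,) = struct.unpack_from("<H", data, pos + len_off)
                if name_len > limit:
                    findings.append((kind, pos, name_len, "name longer than limit"))
                elif pos + fixed + name_len > len(data):
                    findings.append((kind, pos, name_len, "name runs past end of data"))
            pos = data.find(sig, pos + 4)
    return findings

def constructed_sample(name_len):
    """Build a constructed, benign in-memory archive with one entry name of name_len bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("A" * (name_len - 4) + ".txt", "hello")
    return buf.getvalue()

if __name__ == "__main__":
    # Scan the paths given on the command line, or the constructed sample if none are given.
    blobs = {p: pathlib.Path(p).read_bytes() for p in sys.argv[1:]}
    blobs = blobs or {"<constructed sample>": constructed_sample(600)}
    for label, data in blobs.items():
        for kind, off, n, why in suspicious_entries(data):
            print(f"{label}: {kind} header at offset {off}: name length {n} ({why})")
```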

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by creating a ZIP file that includes a file name designed to exceed the buffer size limitations of NetZip Classic 7.5.1.86. This crafted ZIP file must then be opened with the vulnerable version of the application, which will trigger the buffer overflow and execute the embedded code.

Added: Aug 13, 2025, 10:40 PM
Updated: Aug 13, 2025, 10:40 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.1
remediation: 0.0
relevance: 0.3
threat: 8.2
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.