ID:4074 - Exploit for Code Injection in RealPlayer - CVE-2014-3444

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:4074 - Exploit for Code Injection in RealPlayer - CVE-2014-3444

ID:4074 - Exploit for Code Injection in RealPlayer - CVE-2014-3444

Published: August 11, 2020


Vulnerability identifier: #VU41657
Vulnerability risk: High
CVE-ID: CVE-2014-3444
CWE-ID: CWE-94
Exploitation vector: Remote access
Vulnerable software:
RealPlayer

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.


Remediation

Install update from vendor's website.