Home

Description

Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds the expected buffer size. Exploitation allows arbitrary code execution under the context of the victim user when the ZIP file is opened.

PUBLISHED Reserved 2025-08-13 | Published 2025-08-13 | Updated 2025-08-14 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status
unknown

7.5.1.86
affected

Credits

C4SS!0 G0M3S finder

References

raw.githubusercontent.com/...mat/real_networks_netzip_bof.rb exploit

www.exploit-db.com/exploits/16083 exploit

www.exploit-db.com/exploits/17985 exploit

www.softpedia.com/get/Compression-tools/NetZip-Classic.shtml product

www.vulncheck.com/...ip-classic-file-parsing-buffer-overflow third-party-advisory

cve.org (CVE-2011-10016)

nvd.nist.gov (CVE-2011-10016)

Download JSON