Vulnerability Description
Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds the expected buffer size. Exploitation allows arbitrary code execution under the context of the victim user when the ZIP file is opened.
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
- https://www.exploit-db.com/exploits/16083
- https://www.exploit-db.com/exploits/17985
- https://www.softpedia.com/get/Compression-tools/NetZip-Classic.shtml
- https://www.vulncheck.com/advisories/real-networks-netzip-classic-file-parsing-b
FAQ
What is CVE-2011-10016?
CVE-2011-10016 is a documented vulnerability. Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts ...
How severe is CVE-2011-10016?
CVSS scoring is not yet available for CVE-2011-10016. Check NVD for updates.
Is there a patch for CVE-2011-10016?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.