Vulnerabilities > CVE-2016-9018 - NULL Pointer Dereference vulnerability in Realnetworks Realplayer 18.1.5.705

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

realnetworks

CWE-476

exploit available

NVD

Published: 2016-10-28

Updated: 2016-11-29

Summary

Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.

Vulnerable Configurations

Part	Description	Count
Application	Realnetworks Realnetworks Realplayer 18.1.5.705	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Exploit-Db

id	EDB-ID:40617

References

https://www.exploit-db.com/exploits/40617/
http://www.securityfocus.com/bid/94239