Unrated severityNVD Advisory· Published Oct 20, 2007· Updated Apr 23, 2026

CVE-2007-5601

Description

Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.

Affected products

RealNetworks/Realplayer3 versions
cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:11_beta:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/27248nvdVendor Advisory
www.vupen.com/english/advisories/2007/3548nvdVendor Advisory
www.kb.cert.org/vuls/id/871673nvdUS Government Resource
www.us-cert.gov/cas/techalerts/TA07-297A.htmlnvdUS Government Resource
service.real.com/realplayer/security/191007_player/en/nvd
www.infosecblog.org/2007/10/nasa-bans-ie.htmlnvd
www.securityfocus.com/bid/26130nvd
www.securitytracker.com/idnvd
www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/37280nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.054
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000