CVE-2011-10016
published 2025-08-13CVE-2011-10016: Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is…
PriorityP350critical9.3CVSS 4.0
AVLACLATNPRNUIAVCHVIHVAHSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.40%
31.6th percentile
Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds the expected buffer size. Exploitation allows arbitrary code execution under the context of the victim user when the ZIP file is opened.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks_inc | netzip_classic | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is triggered by a ZIP archive containing a filename that exceeds the expected buffer size; monitor for ZIP files with abnormally long filenames being opened by NetZip Classic. ↗
- →Exploitation requires user interaction — an attacker must deliver a specially crafted ZIP file and convince the victim to open it with NetZip Classic; monitor for suspicious ZIP file delivery via email or web to users running NetZip Classic 7.5.1.86. ↗
- ·Affected version is specifically Real Networks Netzip Classic 7.5.1.86 (Windows); exploitation results in code execution under the victim user's context only — no privilege escalation beyond the current user. ↗
- ·The Metasploit module targets the fileformat vector (file-based exploitation), meaning no network listener is required on the victim side; the attack is entirely client-side. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/real_networks_netzip_bof.rbhttps://www.exploit-db.com/exploits/16083https://www.exploit-db.com/exploits/17985https://www.softpedia.com/get/Compression-tools/NetZip-Classic.shtmlhttps://www.vulncheck.com/advisories/real-networks-netzip-classic-file-parsing-buffer-overflow
2025-08-13
Published