ByteOS Network

NVD Vulnerability Details :

CVE-2011-10016

Awaiting Analysis

Source-disclosure@vulncheck.com

Published At-13 Aug, 2025 | 21:15

Updated At-14 Aug, 2025 | 13:11

Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds the expected buffer size. Exploitation allows arbitrary code execution under the context of the victim user when the ZIP file is opened.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	9.3	CRITICAL	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 9.3

Base severity: CRITICAL

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-121	Secondary	disclosure@vulncheck.com

CWE ID: CWE-121

Type: Secondary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/real_networks_netzip_bof.rb	disclosure@vulncheck.com	N/A
https://www.exploit-db.com/exploits/16083	disclosure@vulncheck.com	N/A
https://www.exploit-db.com/exploits/17985	disclosure@vulncheck.com	N/A
https://www.softpedia.com/get/Compression-tools/NetZip-Classic.shtml	disclosure@vulncheck.com	N/A
https://www.vulncheck.com/advisories/real-networks-netzip-classic-file-parsing-buffer-overflow	disclosure@vulncheck.com	N/A