Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.
Conclusion & alert: CVE-2013-4973 is rated High Risk (66.1/100): CVSS Critical severity, with high exploitation likelihood (EPSS 6.06%, 92th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 9.52% | 6.06% | -3.46% |
| 2 | 2026-05-20 | 11.83% | 9.52% | -2.31% |
| 3 | 2025-03-30 | — | 11.83% | — |
Full EPSS history (8 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.3 | 2.0 | HIGH |
|
8.6 | 10.0 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| realnetworks | realplayer | <= 16.0.2.32 | cpe:2.3:a:realnetworks:realplayer:*:*:*:*:*:*:*:* |
| realnetworks | realplayer | 10.0 | cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:* |
| realnetworks | realplayer | 10.5 | cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:* |
| realnetworks | realplayer | 11.0 | cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:* |
| realnetworks | realplayer | 11.0.1 | cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:* |
| realnetworks | realplayer | 11.0.2 | cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:* |
| realnetworks | realplayer | 11.0.2.1744 | cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:* |
| realnetworks | realplayer | 11.0.2.2315 | cpe:2.3:a:realnetworks:realplayer:11.0.2.2315:*:*:*:*:*:*:* |
| realnetworks | realplayer | 11.0.3 | cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:* |
| realnetworks | realplayer | 11.0.4 | cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:* |
| realnetworks | realplayer | 11.0.5 | cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:* |
| realnetworks | realplayer | 11.1 | cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:* |
| realnetworks | realplayer | 11.1.3 | cpe:2.3:a:realnetworks:realplayer:11.1.3:*:*:*:*:*:*:* |
| realnetworks | realplayer | 11_build_6.0.14.748 | cpe:2.3:a:realnetworks:realplayer:11_build_6.0.14.748:*:*:*:*:*:*:* |
| realnetworks | realplayer | 12.0.0.1444 | cpe:2.3:a:realnetworks:realplayer:12.0.0.1444:*:*:*:*:*:*:* |
| realnetworks | realplayer | 12.0.0.1548 | cpe:2.3:a:realnetworks:realplayer:12.0.0.1548:*:*:*:*:*:*:* |
| realnetworks | realplayer | 14.0.0 | cpe:2.3:a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:* |
| realnetworks | realplayer | 14.0.1 | cpe:2.3:a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:* |
| realnetworks | realplayer | 14.0.1.609 | cpe:2.3:a:realnetworks:realplayer:14.0.1.609:*:*:*:*:*:*:* |
| realnetworks | realplayer | 14.0.2 | cpe:2.3:a:realnetworks:realplayer:14.0.2:*:*:*:*:*:*:* |
| realnetworks | realplayer | 14.0.3 | cpe:2.3:a:realnetworks:realplayer:14.0.3:*:*:*:*:*:*:* |
| realnetworks | realplayer | 14.0.4 | cpe:2.3:a:realnetworks:realplayer:14.0.4:*:*:*:*:*:*:* |
| realnetworks | realplayer | 14.0.5 | cpe:2.3:a:realnetworks:realplayer:14.0.5:*:*:*:*:*:*:* |
| realnetworks | realplayer | 15.0.0 | cpe:2.3:a:realnetworks:realplayer:15.0.0:*:*:*:*:*:*:* |
| realnetworks | realplayer | 15.0.4 | cpe:2.3:a:realnetworks:realplayer:15.0.4:*:*:*:*:*:*:* |
| realnetworks | realplayer | 15.0.4.43 | cpe:2.3:a:realnetworks:realplayer:15.0.4.43:*:*:*:*:*:*:* |
| realnetworks | realplayer | 15.0.5.109 | cpe:2.3:a:realnetworks:realplayer:15.0.5.109:*:*:*:*:*:*:* |
| realnetworks | realplayer | 15.0.6.14 | cpe:2.3:a:realnetworks:realplayer:15.0.6.14:*:*:*:*:*:*:* |
| realnetworks | realplayer | 15.02.71 | cpe:2.3:a:realnetworks:realplayer:15.02.71:*:*:*:*:*:*:* |
| realnetworks | realplayer | 16.0.0 | cpe:2.3:a:realnetworks:realplayer:16.0.0:*:*:*:*:*:*:* |
| realnetworks | realplayer | 16.0.0.282 | cpe:2.3:a:realnetworks:realplayer:16.0.0.282:*:*:*:*:*:*:* |
| realnetworks | realplayer | 16.0.1.18 | cpe:2.3:a:realnetworks:realplayer:16.0.1.18:*:*:*:*:*:*:* |
| realnetworks | realplayer_sp | 1.0.0 | cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:* |
| realnetworks | realplayer_sp | 1.0.1 | cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:* |
| realnetworks | realplayer_sp | 1.0.2 | cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:* |
| realnetworks | realplayer_sp | 1.0.5 | cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:* |
| realnetworks | realplayer_sp | 1.1 | cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:* |
| realnetworks | realplayer_sp | 1.1.1 | cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:* |
| realnetworks | realplayer_sp | 1.1.2 | cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:* |
| realnetworks | realplayer_sp | 1.1.3 | cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:* |
| realnetworks | realplayer_sp | 1.1.4 | cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:* |
| realnetworks | realplayer_sp | 1.1.5 | cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://service.real.com/realplayer/security/08232013_player/en/ | Vendor Advisory |
| http://www.kb.cert.org/vuls/id/246524 | US Government Resource |
| http://www.securityfocus.com/bid/61989 |