CVEs-PoC/2011/CVE-2011-10016.md

### [CVE-2011-10016](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-10016)
![](https://img.shields.io/static/v1?label=Product&message=Netzip%20Classic&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=7.5.1.86%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brightgreen)

### Description

Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds the expected buffer size. Exploitation allows arbitrary code execution under the context of the victim user when the ZIP file is opened.

### POC

#### Reference
- https://www.exploit-db.com/exploits/16083
- https://www.exploit-db.com/exploits/17985
- https://www.vulncheck.com/advisories/real-networks-netzip-classic-file-parsing-buffer-overflow

#### Github
No PoCs found on GitHub currently.