1. CVE-Search
  2. CVE-2011-2952
ID CVE-2011-2952
Summary Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box.
References
Vulnerable Configurations
  • cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:14.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:14.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:14.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:14.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:14.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:14.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:14.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:14.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:2.0:*:enterprise:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:2.0:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:2.1:*:enterprise:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:2.1:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:2.1.4:*:enterprise:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:2.1.4:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:2.1.5:*:enterprise:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:2.1.5:*:enterprise:*:*:*:*:*
CVSS
Base: 9.3 (as of 06-10-2011 - 02:50)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
confirm http://service.real.com/realplayer/security/08162011_player/en/
sectrack 1025943
Last major update 06-10-2011 - 02:50
Published 18-08-2011 - 23:55
Last modified 06-10-2011 - 02:50
Back to Top