1. CVE-Search
  2. CVE-2011-2954
ID CVE-2011-2954
Summary Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:14.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:14.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:14.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:14.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:14.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:14.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:14.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:14.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 06-10-2011 - 02:50)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
confirm http://service.real.com/realplayer/security/08162011_player/en/
sectrack 1025943
Last major update 06-10-2011 - 02:50
Published 18-08-2011 - 23:55
Last modified 06-10-2011 - 02:50
Back to Top