CVE-2011-1221: XSS
First published: Tue Oct 04 2011(Updated: )
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RealPlayer | =11.0 | |
| RealPlayer | =11.1 | |
| RealPlayer | =14.0.3 | |
| RealPlayer | =14.0.1 | |
| RealPlayer | =14.0.4 | |
| RealPlayer | =14.0.2 | |
| RealPlayer | =14.0.5 | |
| RealPlayer | =14.0.0 | |
| RealNetworks RealPlayer SP | =1.0.1 | |
| RealNetworks RealPlayer SP | =1.1.5 | |
| RealNetworks RealPlayer SP | =1.1.3 | |
| RealNetworks RealPlayer SP | =1.0.0 | |
| RealNetworks RealPlayer SP | =1.0.2 | |
| RealNetworks RealPlayer SP | =1.1 | |
| RealNetworks RealPlayer SP | =1.1.2 | |
| RealNetworks RealPlayer SP | =1.1.4 | |
| RealNetworks RealPlayer SP | =1.1.1 | |
| RealNetworks RealPlayer SP | =1.0.5 | |
| RealPlayer | =2.1.5 | |
| RealPlayer | =2.1 | |
| RealPlayer | =2.1.3 | |
| RealPlayer | =2.1.2 | |
| RealPlayer | =2.0 | |
| RealPlayer | =2.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2011-1221?
CVE-2011-1221 is classified as a moderate severity vulnerability due to its potential for cross-zone scripting attacks.
How do I fix CVE-2011-1221?
To fix CVE-2011-1221, users should update their RealPlayer software to the latest version that addresses this vulnerability.
Which versions of RealPlayer are affected by CVE-2011-1221?
CVE-2011-1221 affects RealPlayer versions 11.0 through 11.1, and 14.0.0 through 14.0.5, as well as RealPlayer SP 1.0 through 1.1.5.
What type of vulnerability is CVE-2011-1221?
CVE-2011-1221 is a cross-zone scripting vulnerability that allows remote attackers to inject arbitrary web script or HTML.
What impact could CVE-2011-1221 have on users?
If exploited, CVE-2011-1221 could allow attackers to execute malicious scripts in the context of a user's browser.
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/realnetworks
- canonical/realplayer
- version/realplayer/11.0
- version/realplayer/11.1
- version/realplayer/14.0.3
- version/realplayer/14.0.1
- version/realplayer/14.0.4
- version/realplayer/14.0.2
- version/realplayer/14.0.5
- version/realplayer/14.0.0
- canonical/realnetworks realplayer sp
- version/realnetworks realplayer sp/1.0.1
- version/realnetworks realplayer sp/1.1.5
- version/realnetworks realplayer sp/1.1.3
- version/realnetworks realplayer sp/1.0.0
- version/realnetworks realplayer sp/1.0.2
- version/realnetworks realplayer sp/1.1
- version/realnetworks realplayer sp/1.1.2
- version/realnetworks realplayer sp/1.1.4
- version/realnetworks realplayer sp/1.1.1
- version/realnetworks realplayer sp/1.0.5
- version/realplayer/2.1.5
- version/realplayer/2.1
- version/realplayer/2.1.3
- version/realplayer/2.1.2
- version/realplayer/2.0
- version/realplayer/2.1.4