CVE-2011-2948: Buffer Overflow
First published: Thu Aug 18 2011(Updated: )
RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RealPlayer | =11.0 | |
| RealPlayer | =11.1 | |
| RealPlayer | =14.0.3 | |
| RealPlayer | =14.0.1 | |
| RealPlayer | =14.0.4 | |
| RealPlayer | =14.0.2 | |
| RealPlayer | =14.0.5 | |
| RealPlayer | =14.0.0 | |
| RealNetworks RealPlayer SP | =1.0.1 | |
| RealNetworks RealPlayer SP | =1.1.5 | |
| RealNetworks RealPlayer SP | =1.1.3 | |
| RealNetworks RealPlayer SP | =1.0.0 | |
| RealNetworks RealPlayer SP | =1.0.2 | |
| RealNetworks RealPlayer SP | =1.1 | |
| RealNetworks RealPlayer SP | =1.1.2 | |
| RealNetworks RealPlayer SP | =1.1.4 | |
| RealNetworks RealPlayer SP | =1.1.1 | |
| RealNetworks RealPlayer SP | =1.0.5 | |
| RealPlayer | =12.0.0.1569 | |
| RealPlayer | =2.1.5 | |
| RealPlayer | =2.1.3 | |
| RealPlayer | =2.1.2 | |
| RealPlayer | =2.0 | |
| RealPlayer | =2.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-2948?
CVE-2011-2948 has a critical severity rating due to the potential for remote code execution.
How do I fix CVE-2011-2948?
To fix CVE-2011-2948, users should update RealPlayer to the latest version provided by RealNetworks.
Which software versions are affected by CVE-2011-2948?
CVE-2011-2948 affects RealPlayer versions 11.0 through 11.1, 14.0.0 through 14.0.5, RealPlayer SP versions 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569.
What types of attacks can CVE-2011-2948 enable?
CVE-2011-2948 can enable attackers to execute arbitrary code or cause a denial of service.
Is there a workaround for CVE-2011-2948?
There are no publicized workarounds for CVE-2011-2948, making the best option to update the software.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/realnetworks
- canonical/realplayer
- version/realplayer/11.0
- version/realplayer/11.1
- version/realplayer/14.0.3
- version/realplayer/14.0.1
- version/realplayer/14.0.4
- version/realplayer/14.0.2
- version/realplayer/14.0.5
- version/realplayer/14.0.0
- canonical/realnetworks realplayer sp
- version/realnetworks realplayer sp/1.0.1
- version/realnetworks realplayer sp/1.1.5
- version/realnetworks realplayer sp/1.1.3
- version/realnetworks realplayer sp/1.0.0
- version/realnetworks realplayer sp/1.0.2
- version/realnetworks realplayer sp/1.1
- version/realnetworks realplayer sp/1.1.2
- version/realnetworks realplayer sp/1.1.4
- version/realnetworks realplayer sp/1.1.1
- version/realnetworks realplayer sp/1.0.5
- version/realplayer/12.0.0.1569
- version/realplayer/2.1.5
- version/realplayer/2.1.3
- version/realplayer/2.1.2
- version/realplayer/2.0
- version/realplayer/2.1.4