First published: Thu Aug 18 2011(Updated: )
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
RealPlayer | =11.0 | |
RealPlayer | =11.1 | |
RealPlayer | =14.0.3 | |
RealPlayer | =14.0.1 | |
RealPlayer | =14.0.4 | |
RealPlayer | =14.0.2 | |
RealPlayer | =14.0.5 | |
RealPlayer | =14.0.0 | |
RealNetworks RealPlayer SP | =1.0.1 | |
RealNetworks RealPlayer SP | =1.1.5 | |
RealNetworks RealPlayer SP | =1.1.3 | |
RealNetworks RealPlayer SP | =1.0.0 | |
RealNetworks RealPlayer SP | =1.0.2 | |
RealNetworks RealPlayer SP | =1.1 | |
RealNetworks RealPlayer SP | =1.1.2 | |
RealNetworks RealPlayer SP | =1.1.4 | |
RealNetworks RealPlayer SP | =1.1.1 | |
RealNetworks RealPlayer SP | =1.0.5 | |
RealPlayer | =2.1.5 | |
RealPlayer | =2.1 | |
RealPlayer | =2.1.3 | |
RealPlayer | =2.1.2 | |
RealPlayer | =2.0 | |
RealPlayer | =2.1.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-2952 has a high severity rating due to its ability to allow remote code execution.
To fix CVE-2011-2952, update RealPlayer to the latest version that addresses the vulnerability.
CVE-2011-2952 affects RealPlayer versions 11.0-11.1 and 14.0.0-14.0.5, along with RealPlayer SP versions 1.0-1.1.5.
No, CVE-2011-2952 is specifically exploited by remote attackers through crafted dialog box interactions.
Systems running vulnerable versions of RealPlayer, including both personal and enterprise editions, are at risk from CVE-2011-2952.