CVE-2011-2954: Use After Free
First published: Thu Aug 18 2011(Updated: )
Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RealPlayer | =11.0 | |
| RealPlayer | =11.1 | |
| RealPlayer | =14.0.3 | |
| RealPlayer | =14.0.1 | |
| RealPlayer | =14.0.4 | |
| RealPlayer | =14.0.2 | |
| RealPlayer | =14.0.5 | |
| RealPlayer | =14.0.0 | |
| RealNetworks RealPlayer SP | =1.0.1 | |
| RealNetworks RealPlayer SP | =1.1.5 | |
| RealNetworks RealPlayer SP | =1.1.3 | |
| RealNetworks RealPlayer SP | =1.0.0 | |
| RealNetworks RealPlayer SP | =1.0.2 | |
| RealNetworks RealPlayer SP | =1.1 | |
| RealNetworks RealPlayer SP | =1.1.2 | |
| RealNetworks RealPlayer SP | =1.1.4 | |
| RealNetworks RealPlayer SP | =1.1.1 | |
| RealNetworks RealPlayer SP | =1.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-2954?
CVE-2011-2954 is classified as a critical vulnerability that allows remote code execution.
How do I fix CVE-2011-2954?
To mitigate CVE-2011-2954, users should upgrade to a patched version of RealPlayer that addresses this vulnerability.
Which versions of RealPlayer are affected by CVE-2011-2954?
CVE-2011-2954 affects RealPlayer versions 11.0 through 11.1 and 14.0.0 through 14.0.5, as well as RealPlayer SP 1.0 through 1.1.5.
Can CVE-2011-2954 be exploited through the internet?
Yes, CVE-2011-2954 can be exploited by remote attackers via unspecified vectors, potentially allowing them to execute arbitrary code.
What are the implications of CVE-2011-2954?
The implications of CVE-2011-2954 include the potential for attackers to gain control over the affected system through the use-after-free vulnerability.
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/realnetworks
- canonical/realplayer
- version/realplayer/11.0
- version/realplayer/11.1
- version/realplayer/14.0.3
- version/realplayer/14.0.1
- version/realplayer/14.0.4
- version/realplayer/14.0.2
- version/realplayer/14.0.5
- version/realplayer/14.0.0
- canonical/realnetworks realplayer sp
- version/realnetworks realplayer sp/1.0.1
- version/realnetworks realplayer sp/1.1.5
- version/realnetworks realplayer sp/1.1.3
- version/realnetworks realplayer sp/1.0.0
- version/realnetworks realplayer sp/1.0.2
- version/realnetworks realplayer sp/1.1
- version/realnetworks realplayer sp/1.1.2
- version/realnetworks realplayer sp/1.1.4
- version/realnetworks realplayer sp/1.1.1
- version/realnetworks realplayer sp/1.0.5