First published: Thu Aug 18 2011(Updated: )
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
RealPlayer | =11.0 | |
RealPlayer | =11.1 | |
RealPlayer | =14.0.3 | |
RealPlayer | =14.0.1 | |
RealPlayer | =14.0.4 | |
RealPlayer | =14.0.2 | |
RealPlayer | =14.0.5 | |
RealPlayer | =14.0.0 | |
RealNetworks RealPlayer SP | =1.0.1 | |
RealNetworks RealPlayer SP | =1.1.5 | |
RealNetworks RealPlayer SP | =1.1.3 | |
RealNetworks RealPlayer SP | =1.0.0 | |
RealNetworks RealPlayer SP | =1.0.2 | |
RealNetworks RealPlayer SP | =1.1 | |
RealNetworks RealPlayer SP | =1.1.2 | |
RealNetworks RealPlayer SP | =1.1.4 | |
RealNetworks RealPlayer SP | =1.1.1 | |
RealNetworks RealPlayer SP | =1.0.5 | |
RealPlayer | =2.1.5 | |
RealPlayer | =2.1 | |
RealPlayer | =2.1.3 | |
RealPlayer | =2.1.2 | |
RealPlayer | =2.0 | |
RealPlayer | =2.1.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-2955 has a high severity rating due to its potential to allow remote code execution.
To fix CVE-2011-2955, users should update their RealPlayer to the latest version available from RealNetworks.
CVE-2011-2955 affects RealPlayer versions 11.0 to 11.1 and 14.0.0 to 14.0.5, as well as RealPlayer SP 1.0 to 1.1.5.
CVE-2011-2955 is identified as a use-after-free vulnerability that can lead to arbitrary code execution.
CVE-2011-2955 can be exploited by remote attackers to execute arbitrary code if the affected versions of RealPlayer are in use.