CVE-2011-2955: Use After Free
First published: Thu Aug 18 2011(Updated: )
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RealPlayer | =11.0 | |
| RealPlayer | =11.1 | |
| RealPlayer | =14.0.3 | |
| RealPlayer | =14.0.1 | |
| RealPlayer | =14.0.4 | |
| RealPlayer | =14.0.2 | |
| RealPlayer | =14.0.5 | |
| RealPlayer | =14.0.0 | |
| RealNetworks RealPlayer SP | =1.0.1 | |
| RealNetworks RealPlayer SP | =1.1.5 | |
| RealNetworks RealPlayer SP | =1.1.3 | |
| RealNetworks RealPlayer SP | =1.0.0 | |
| RealNetworks RealPlayer SP | =1.0.2 | |
| RealNetworks RealPlayer SP | =1.1 | |
| RealNetworks RealPlayer SP | =1.1.2 | |
| RealNetworks RealPlayer SP | =1.1.4 | |
| RealNetworks RealPlayer SP | =1.1.1 | |
| RealNetworks RealPlayer SP | =1.0.5 | |
| RealPlayer | =2.1.5 | |
| RealPlayer | =2.1 | |
| RealPlayer | =2.1.3 | |
| RealPlayer | =2.1.2 | |
| RealPlayer | =2.0 | |
| RealPlayer | =2.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-2955?
CVE-2011-2955 has a high severity rating due to its potential to allow remote code execution.
How do I fix CVE-2011-2955?
To fix CVE-2011-2955, users should update their RealPlayer to the latest version available from RealNetworks.
Which versions of RealPlayer are affected by CVE-2011-2955?
CVE-2011-2955 affects RealPlayer versions 11.0 to 11.1 and 14.0.0 to 14.0.5, as well as RealPlayer SP 1.0 to 1.1.5.
What type of vulnerability is CVE-2011-2955?
CVE-2011-2955 is identified as a use-after-free vulnerability that can lead to arbitrary code execution.
Who can exploit CVE-2011-2955?
CVE-2011-2955 can be exploited by remote attackers to execute arbitrary code if the affected versions of RealPlayer are in use.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/realnetworks
- canonical/realplayer
- version/realplayer/11.0
- version/realplayer/11.1
- version/realplayer/14.0.3
- version/realplayer/14.0.1
- version/realplayer/14.0.4
- version/realplayer/14.0.2
- version/realplayer/14.0.5
- version/realplayer/14.0.0
- canonical/realnetworks realplayer sp
- version/realnetworks realplayer sp/1.0.1
- version/realnetworks realplayer sp/1.1.5
- version/realnetworks realplayer sp/1.1.3
- version/realnetworks realplayer sp/1.0.0
- version/realnetworks realplayer sp/1.0.2
- version/realnetworks realplayer sp/1.1
- version/realnetworks realplayer sp/1.1.2
- version/realnetworks realplayer sp/1.1.4
- version/realnetworks realplayer sp/1.1.1
- version/realnetworks realplayer sp/1.0.5
- version/realplayer/2.1.5
- version/realplayer/2.1
- version/realplayer/2.1.3
- version/realplayer/2.1.2
- version/realplayer/2.0
- version/realplayer/2.1.4