CVE-2011-1221

RealPlayer 11.0-11.1, 14.0.0-14.0.5, SP 1.0-1.1.5, Enterprise 2.0-2.1.5 - Cross-Zone Scripting via Local HTML Document

Title source: llm

Description

Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://service.real.com/realplayer/security/08162011_player/en/

Scores

EPSS 0.0026

EPSS Percentile 49.7%

Details

CWE

CWE-79

Status published

Products (24)

realnetworks/realplayer 11.0

realnetworks/realplayer 11.1

realnetworks/realplayer 14.0.0

realnetworks/realplayer 14.0.1

realnetworks/realplayer 14.0.2

realnetworks/realplayer 14.0.3

realnetworks/realplayer 14.0.4

realnetworks/realplayer 14.0.5

realnetworks/realplayer 2.0

realnetworks/realplayer 2.1

... and 14 more

Published Oct 04, 2011

Tracked Since Feb 18, 2026