CVE-2011-2947

RealPlayer 11.0-11.1 and 14.0.0-14.0.5 and RealPlayer SP 1.0-1.1.5 - Cross-Zone Scripting via Local HTML Document

Title source: llm
STIX 2.1

Description

Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025943
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-11-269/

Scores

EPSS 0.0030
EPSS Percentile 53.1%

Details

CWE
CWE-79
Status published
Products (18)
realnetworks/realplayer 11.0
realnetworks/realplayer 11.1
realnetworks/realplayer 14.0.0
realnetworks/realplayer 14.0.1
realnetworks/realplayer 14.0.2
realnetworks/realplayer 14.0.3
realnetworks/realplayer 14.0.4
realnetworks/realplayer 14.0.5
realnetworks/realplayer_sp 1.0.0
realnetworks/realplayer_sp 1.0.1
... and 8 more
Published Aug 18, 2011
Tracked Since Feb 18, 2026