CVE-2011-2948

RealPlayer Remote Code Execution via DEFINEFONT Field in SWF Files

Title source: llm
STIX 2.1

Description

RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-11-268/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025943

Scores

EPSS 0.0265
EPSS Percentile 85.9%

Details

CWE
CWE-119
Status published
Products (24)
realnetworks/realplayer 11.0
realnetworks/realplayer 11.1
realnetworks/realplayer 14.0.0
realnetworks/realplayer 14.0.1
realnetworks/realplayer 14.0.2
realnetworks/realplayer 14.0.3
realnetworks/realplayer 14.0.4
realnetworks/realplayer 14.0.5
realnetworks/realplayer 2.0
realnetworks/realplayer 2.1.2
... and 14 more
Published Aug 18, 2011
Tracked Since Feb 18, 2026