CVE-2011-2950

RealPlayer 11.0-11.1 and 14.0.0-14.0.5 and RealPlayer SP 1.0-1.1.5 - Remote Code Execution via Crafted QCP File

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-2950. PoCs published by Metasploit, Sean de Regge, juan vazquez, including Metasploit module exploits/windows/browser/realplayer_qcp.

AI-analyzed exploit summary: This Metasploit module exploits a heap overflow in RealNetworks RealPlayer when parsing a maliciously crafted QCP file. It leverages a static buffer overflow in qcpfformat.dll to achieve remote code execution via a specially crafted 'fmt' chunk.

Description

Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/17849

This Metasploit module exploits a heap overflow in RealNetworks RealPlayer when parsing a maliciously crafted QCP file. It leverages a static buffer overflow in qcpfformat.dll to achieve remote code execution via a specially crafted 'fmt' chunk.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: RealNetworks RealPlayer (versions affected by CVE-2011-2950)
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious QCP file · Target must have vulnerable RealPlayer installed
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · NORMAL
by Sean de Regge, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/realplayer_qcp.rb

This Metasploit module exploits a heap overflow in RealNetworks RealPlayer when parsing a maliciously crafted .QCP file. The exploit leverages a static 256-byte buffer overflow in qcpfformat.dll via a specially crafted 'fmt' chunk, leading to arbitrary code execution in the context of the web browser.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: RealNetworks RealPlayer (versions affected by CVE-2011-2950)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · RealPlayer must be installed and configured to handle .QCP files
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025943
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-11-265/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49172
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8388

Scores

EPSS 0.2990
EPSS Percentile 98.0%

Details

CWE: CWE-119
Status: published
Products (18)
realnetworks/realplayer 11.0
realnetworks/realplayer 11.1
realnetworks/realplayer 14.0.0
realnetworks/realplayer 14.0.1
realnetworks/realplayer 14.0.2
realnetworks/realplayer 14.0.3
realnetworks/realplayer 14.0.4
realnetworks/realplayer 14.0.5
realnetworks/realplayer_sp 1.0.0
realnetworks/realplayer_sp 1.0.1
... and 8 more
Published Aug 18, 2011
Tracked Since Feb 18, 2026