CVE-2011-2951
RealPlayer 11.0-11.1, 14.0.0-14.0.5, SP 1.0-1.1.5, Mac 12.0.0.1569 - Remote Code Execution via Crafted AAC File
Title source: llmDescription
Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025943
Vendor Advisory x_refsource_confirm
http://service.real.com/realplayer/security/08162011_player/en/
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-11-266/
Scores
EPSS
0.0583
EPSS Percentile
90.6%
Details
CWE
CWE-119
Status
published
Products (19)
realnetworks/realplayer
11.0
realnetworks/realplayer
11.1
realnetworks/realplayer
14.0.0
realnetworks/realplayer
14.0.1
realnetworks/realplayer
14.0.2
realnetworks/realplayer
14.0.3
realnetworks/realplayer
14.0.4
realnetworks/realplayer
14.0.5
realnetworks/realplayer
12.0.0.1569
realnetworks/realplayer_sp
1.0.0
... and 9 more
Published
Aug 18, 2011
Tracked Since
Feb 18, 2026