CVE-2011-2953
RealPlayer 11.0-11.1, 14.0.0-14.0.5, SP 1.0-1.1.5, Enterprise 2.0-2.1.5 - Remote Code Execution via ActiveX Control
Title source: llmDescription
An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025943
Vendor Advisory x_refsource_confirm
http://service.real.com/realplayer/security/08162011_player/en/
Scores
EPSS
0.0387
EPSS Percentile
88.4%
Details
CWE
CWE-119
Status
published
Products (24)
realnetworks/realplayer
11.0
realnetworks/realplayer
11.1
realnetworks/realplayer
14.0.0
realnetworks/realplayer
14.0.1
realnetworks/realplayer
14.0.2
realnetworks/realplayer
14.0.3
realnetworks/realplayer
14.0.4
realnetworks/realplayer
14.0.5
realnetworks/realplayer
2.0
realnetworks/realplayer
2.1
... and 14 more
Published
Aug 18, 2011
Tracked Since
Feb 18, 2026