CVE-2011-2954
RealPlayer 11.0-11.1 and 14.0.0-14.0.5 and RealPlayer SP 1.0-1.1.5 - Use-After-Free in AutoUpdate Feature
Title source: llmDescription
Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025943
Vendor Advisory x_refsource_confirm
http://service.real.com/realplayer/security/08162011_player/en/
Scores
EPSS
0.0165
EPSS Percentile
82.3%
Details
CWE
CWE-399
Status
published
Products (18)
realnetworks/realplayer
11.0
realnetworks/realplayer
11.1
realnetworks/realplayer
14.0.0
realnetworks/realplayer
14.0.1
realnetworks/realplayer
14.0.2
realnetworks/realplayer
14.0.3
realnetworks/realplayer
14.0.4
realnetworks/realplayer
14.0.5
realnetworks/realplayer_sp
1.0.0
realnetworks/realplayer_sp
1.0.1
... and 8 more
Published
Aug 18, 2011
Tracked Since
Feb 18, 2026