CVE-2011-2951
RealNetworks RealPlayer Advanced Audio Coding Element Remote Code Execution Vulnerability
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file.
Un desbordamiento de búfer en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, RealPlayer SP v1.0 a v1.1.5 y Mac RealPlayer v12.0.0.1569 permite a atacantes remotos ejecutar código de su elección a través de un campo raw_data_frame debidamente modificado en un archivo AAC.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists due to the application using a size defined in a header in order to allocate some number of bytes. When processing an AAC raw_data_frame, the application will use the product of the original length and a field inside one of its elements. During the copy operation, this length will be larger than the amount that was allocated for which will cause a buffer overflow and can lead to code execution under the context of the application.
*Credits:
Donato FerranteAndrzej Dyjak
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-07-27 CVE Reserved
- 2011-08-16 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id?1025943 | Vdb Entry | |
| http://zerodayinitiative.com/advisories/ZDI-11-266 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://service.real.com/realplayer/security/08162011_player/en | 2011-10-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0 Search vendor "Realnetworks" for product "Realplayer" and version "11.0" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.1 Search vendor "Realnetworks" for product "Realplayer" and version "11.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.0 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.0" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.1 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.2 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.2" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.3 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.3" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.4 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.4" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.5 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.5" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 12.0.0.1569 Search vendor "Realnetworks" for product "Realplayer" and version "12.0.0.1569" | mac_os |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.0.0 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.0.0" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.0.1 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.0.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.0.2 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.0.2" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.0.5 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.0.5" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.1 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.1.1 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.1.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.1.2 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.1.2" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.1.3 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.1.3" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.1.4 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.1.4" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Sp Search vendor "Realnetworks" for product "Realplayer Sp" | 1.1.5 Search vendor "Realnetworks" for product "Realplayer Sp" and version "1.1.5" | - |
Affected
| ||||||