CVE-2011-4256
RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.
El codec RV30 en RealNetworks RealPlayer anterior a v15.0.0 y Mac RealPlayer anterior a v12.0.0.1703 no se inicializa un valor de índice especificado, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within how the application parses sample data encoded with the RV30 codec. When parsing this sample data, the application will make an allocation and then fail to completely initialize the buffer. During decoding of the sample data, the application will explicitly trust an index from the partially filled buffer and then use that to calculate an address to write to. This can lead to memory corruption which can be converted into code execution under the context of the application.
*Credits:
Damian Put
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-11-01 CVE Reserved
- 2011-11-24 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://service.real.com/realplayer/security/11182011_player/en | 2012-03-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | <= 12.0.0.1701 Search vendor "Realnetworks" for product "Realplayer" and version " <= 12.0.0.1701" | mac_os |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 7.0 Search vendor "Realnetworks" for product "Realplayer" and version "7.0" | mac_os |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 8.0 Search vendor "Realnetworks" for product "Realplayer" and version "8.0" | mac_os |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 10.0 Search vendor "Realnetworks" for product "Realplayer" and version "10.0" | mac_os_x |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 10.0.0.305 Search vendor "Realnetworks" for product "Realplayer" and version "10.0.0.305" | mac_os |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 10.0.0.331 Search vendor "Realnetworks" for product "Realplayer" and version "10.0.0.331" | mac_os |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 10.1 Search vendor "Realnetworks" for product "Realplayer" and version "10.1" | mac_os_x |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 12.0.0.1569 Search vendor "Realnetworks" for product "Realplayer" and version "12.0.0.1569" | mac_os |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | <= 14.0.7 Search vendor "Realnetworks" for product "Realplayer" and version " <= 14.0.7" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 4 Search vendor "Realnetworks" for product "Realplayer" and version "4" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 5 Search vendor "Realnetworks" for product "Realplayer" and version "5" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 6 Search vendor "Realnetworks" for product "Realplayer" and version "6" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 7 Search vendor "Realnetworks" for product "Realplayer" and version "7" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 8 Search vendor "Realnetworks" for product "Realplayer" and version "8" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 10.0 Search vendor "Realnetworks" for product "Realplayer" and version "10.0" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 10.5 Search vendor "Realnetworks" for product "Realplayer" and version "10.5" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0 Search vendor "Realnetworks" for product "Realplayer" and version "11.0" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.1 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.2 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.2" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.2.1744 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.2.1744" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.2.2315 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.2.2315" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.3 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.3" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.4 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.4" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.0.5 Search vendor "Realnetworks" for product "Realplayer" and version "11.0.5" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.1 Search vendor "Realnetworks" for product "Realplayer" and version "11.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11.1.3 Search vendor "Realnetworks" for product "Realplayer" and version "11.1.3" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11_build_6.0.14.748 Search vendor "Realnetworks" for product "Realplayer" and version "11_build_6.0.14.748" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 12.0.0.1444 Search vendor "Realnetworks" for product "Realplayer" and version "12.0.0.1444" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 12.0.0.1548 Search vendor "Realnetworks" for product "Realplayer" and version "12.0.0.1548" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.0 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.0" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.1 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.1" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.1.609 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.1.609" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.1.633 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.1.633" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.2 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.2" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.3 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.3" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.4 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.4" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.5 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.5" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 14.0.6 Search vendor "Realnetworks" for product "Realplayer" and version "14.0.6" | - |
Affected
| ||||||