CVE-2011-0694

RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function.

Published: Feb 21, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-0694
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
realnetworks / realplayer	11.0	11.0.x
realnetworks / realplayer	11.1	11.1.x
realnetworks / realplayer	14.0.1	14.0.1.x
realnetworks / realplayer	14.0.0	14.0.0.x
realnetworks / realplayer_sp	1.0.1	1.0.1.x
realnetworks / realplayer_sp	1.1.5	1.1.5.x
realnetworks / realplayer_sp	1.1.3	1.1.3.x
realnetworks / realplayer_sp	1.0.0	1.0.0.x
realnetworks / realplayer_sp	1.0.2	1.0.2.x
realnetworks / realplayer_sp	1.1	1.1.x
realnetworks / realplayer_sp	1.1.2	1.1.2.x
realnetworks / realplayer_sp	1.1.4	1.1.4.x
realnetworks / realplayer_sp	1.1.1	1.1.1.x
realnetworks / realplayer_sp	1.0.5	1.0.5.x
realnetworks / realplayer	2.1	2.1.x
realnetworks / realplayer	2.1.3	2.1.3.x
realnetworks / realplayer	2.1.2	2.1.2.x
realnetworks / realplayer	2.0	2.0.x
realnetworks / realplayer	2.1.4	2.1.4.x

Vulnerability Database

289,871

CVE-2011-0694