Vulnerability Database

318,273

Total vulnerabilities in the database

CVE-2011-2952

Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box.

Published: Aug 18, 2011
Updated: Nov 9, 2025
CVE: CVE-2011-2952
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
realnetworks / realplayer	11.0	11.0.x
realnetworks / realplayer	11.1	11.1.x
realnetworks / realplayer	14.0.3	14.0.3.x
realnetworks / realplayer	14.0.1	14.0.1.x
realnetworks / realplayer	14.0.4	14.0.4.x
realnetworks / realplayer	14.0.2	14.0.2.x
realnetworks / realplayer	14.0.5	14.0.5.x
realnetworks / realplayer	14.0.0	14.0.0.x
realnetworks / realplayer_sp	1.0.1	1.0.1.x
realnetworks / realplayer_sp	1.1.5	1.1.5.x
realnetworks / realplayer_sp	1.1.3	1.1.3.x
realnetworks / realplayer_sp	1.0.0	1.0.0.x
realnetworks / realplayer_sp	1.0.2	1.0.2.x
realnetworks / realplayer_sp	1.1	1.1.x
realnetworks / realplayer_sp	1.1.2	1.1.2.x
realnetworks / realplayer_sp	1.1.4	1.1.4.x
realnetworks / realplayer_sp	1.1.1	1.1.1.x
realnetworks / realplayer_sp	1.0.5	1.0.5.x
realnetworks / realplayer	2.1.5	2.1.5.x
realnetworks / realplayer	2.1	2.1.x
realnetworks / realplayer	2.1.3	2.1.3.x
realnetworks / realplayer	2.1.2	2.1.2.x
realnetworks / realplayer	2.0	2.0.x
realnetworks / realplayer	2.1.4	2.1.4.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo