CVE-2011-2953

An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition.

Published: Aug 19, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-2953
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
realnetworks / realplayer	11.0	11.0.x
realnetworks / realplayer	11.1	11.1.x
realnetworks / realplayer	14.0.3	14.0.3.x
realnetworks / realplayer	14.0.1	14.0.1.x
realnetworks / realplayer	14.0.4	14.0.4.x
realnetworks / realplayer	14.0.2	14.0.2.x
realnetworks / realplayer	14.0.5	14.0.5.x
realnetworks / realplayer	14.0.0	14.0.0.x
realnetworks / realplayer_sp	1.0.1	1.0.1.x
realnetworks / realplayer_sp	1.1.5	1.1.5.x
realnetworks / realplayer_sp	1.1.3	1.1.3.x
realnetworks / realplayer_sp	1.0.0	1.0.0.x
realnetworks / realplayer_sp	1.0.2	1.0.2.x
realnetworks / realplayer_sp	1.1	1.1.x
realnetworks / realplayer_sp	1.1.2	1.1.2.x
realnetworks / realplayer_sp	1.1.4	1.1.4.x
realnetworks / realplayer_sp	1.1.1	1.1.1.x
realnetworks / realplayer_sp	1.0.5	1.0.5.x
realnetworks / realplayer	2.1.5	2.1.5.x
realnetworks / realplayer	2.1	2.1.x
realnetworks / realplayer	2.1.3	2.1.3.x
realnetworks / realplayer	2.1.2	2.1.2.x
realnetworks / realplayer	2.0	2.0.x
realnetworks / realplayer	2.1.4	2.1.4.x

Vulnerability Database

290,018

CVE-2011-2953