CVE-2012-0924

RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream.

Published: Feb 8, 2012
Updated: Nov 9, 2025
CVE: CVE-2012-0924
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
realnetworks / realplayer	14.0.3	14.0.3.x
realnetworks / realplayer	14.0.1	14.0.1.x
realnetworks / realplayer	14.0.4	14.0.4.x
realnetworks / realplayer	14.0.6	14.0.6.x
realnetworks / realplayer	14.0.7	14.0.7.x
realnetworks / realplayer	14.0.2	14.0.2.x
realnetworks / realplayer	14.0.1.609	14.0.1.609.x
realnetworks / realplayer	14.0.5	14.0.5.x
realnetworks / realplayer	14.0.1.633	14.0.1.633.x
realnetworks / realplayer	14.0.0	14.0.0.x
realnetworks / realplayer	11.0	11.0.x
realnetworks / realplayer	11.0.4	11.0.4.x
realnetworks / realplayer	11.0.2	11.0.2.x
realnetworks / realplayer	11.0.3	11.0.3.x
realnetworks / realplayer	11.0.2.2315	11.0.2.2315.x
realnetworks / realplayer	11.0.5	11.0.5.x
realnetworks / realplayer	11.0.2.1744	11.0.2.1744.x
realnetworks / realplayer	11.1.3	11.1.3.x
realnetworks / realplayer	11.1	11.1.x
realnetworks / realplayer	11.0.1	11.0.1.x
realnetworks / realplayer	11_build_6.0.14.748	11_build_6.0.14.748.x
realnetworks / realplayer	15.0.0	15.0.0.x
realnetworks / realplayer	15.0.1.13	15.0.1.13.x
realnetworks / realplayer_sp	1.0.1	1.0.1.x
realnetworks / realplayer_sp	1.1.5	1.1.5.x
realnetworks / realplayer_sp	1.1.3	1.1.3.x
realnetworks / realplayer_sp	1.0.0	1.0.0.x
realnetworks / realplayer_sp	1.0.2	1.0.2.x
realnetworks / realplayer_sp	1.1	1.1.x
realnetworks / realplayer_sp	1.1.2	1.1.2.x
realnetworks / realplayer_sp	1.1.4	1.1.4.x
realnetworks / realplayer_sp	1.1.1	1.1.1.x
realnetworks / realplayer_sp	1.0.5	1.0.5.x

Vulnerability Database

318,273

CVE-2012-0924

Deep Security Visibility Without the Complexity