Vulnerability Details CVE-2011-2949
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.087
EPSS Ranking 92.0%
CVSS Severity
CVSS v2 Score 9.3
References
- http://service.real.com/realplayer/security/08162011_player/en/
- http://www.securitytracker.com/id?1025943
- http://zerodayinitiative.com/advisories/ZDI-11-267/
- http://service.real.com/realplayer/security/08162011_player/en/
- http://www.securitytracker.com/id?1025943
- http://zerodayinitiative.com/advisories/ZDI-11-267/
Products affected by CVE-2011-2949
-
cpe:2.3:a:realnetworks:realplayer:11.0
-
cpe:2.3:a:realnetworks:realplayer:11.1
-
cpe:2.3:a:realnetworks:realplayer:14.0.0
-
cpe:2.3:a:realnetworks:realplayer:14.0.1
-
cpe:2.3:a:realnetworks:realplayer:14.0.2
-
cpe:2.3:a:realnetworks:realplayer:14.0.3
-
cpe:2.3:a:realnetworks:realplayer:14.0.4
-
cpe:2.3:a:realnetworks:realplayer:14.0.5
-
cpe:2.3:a:realnetworks:realplayer:2.0
-
cpe:2.3:a:realnetworks:realplayer:2.1.2
-
cpe:2.3:a:realnetworks:realplayer:2.1.3
-
cpe:2.3:a:realnetworks:realplayer:2.1.4
-
cpe:2.3:a:realnetworks:realplayer:2.1.5
-
cpe:2.3:a:realnetworks:realplayer_sp:1.0.0
-
cpe:2.3:a:realnetworks:realplayer_sp:1.0.1
-
cpe:2.3:a:realnetworks:realplayer_sp:1.0.2
-
cpe:2.3:a:realnetworks:realplayer_sp:1.0.5
-
cpe:2.3:a:realnetworks:realplayer_sp:1.1
-
cpe:2.3:a:realnetworks:realplayer_sp:1.1.1
-
cpe:2.3:a:realnetworks:realplayer_sp:1.1.2
-
cpe:2.3:a:realnetworks:realplayer_sp:1.1.3
-
cpe:2.3:a:realnetworks:realplayer_sp:1.1.4
-
cpe:2.3:a:realnetworks:realplayer_sp:1.1.5