CVE-2011-0694

Published: Feb 21, 2011Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function.

Affected (19)

Products: Realnetworks: Realplayer, Realplayer Sp

Realnetworks

2 products

Realplayer

Realplayer Sp

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Realplayer	Version 11.0
Realnetworks Realplayer	Version 11.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Realplayer	Version 14.0.0
Realnetworks Realplayer	Version 14.0.1

Configuration C

10 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Realplayer Sp	Version 1.0.0
Realnetworks Realplayer Sp	Version 1.0.1
Realnetworks Realplayer Sp	Version 1.0.2
Realnetworks Realplayer Sp	Version 1.0.5
Realnetworks Realplayer Sp	Version 1.1.1
Realnetworks Realplayer Sp	Version 1.1.2
Realnetworks Realplayer Sp	Version 1.1.3
Realnetworks Realplayer Sp	Version 1.1.4
Realnetworks Realplayer Sp	Version 1.1.5
Realnetworks Realplayer Sp	Version 1.1

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Realplayer	Version 2.0
Realnetworks Realplayer	Version 2.1.2
Realnetworks Realplayer	Version 2.1.3
Realnetworks Realplayer	Version 2.1.4
Realnetworks Realplayer	Version 2.1