← Back

CVE-2011-1426

nvd nist
Published: Apr 18, 2011Modified: Apr 29, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file.

Affected (15)

Realnetworks
2 products
Realplayer
Realplayer Sp
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Realnetworks
Realplayer
Version 11.0
Realplayer
Version 11.1
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Realnetworks
Realplayer
Version 14.0.0
Realplayer
Version 14.0.1
Realplayer
Version 14.0.2
Configuration C
10 vulnerable
Vulnerable SoftwareAffected Versions
Realnetworks
Realplayer Sp
Version 1.0.0
Realplayer Sp
Version 1.0.1
Realplayer Sp
Version 1.0.2
Realplayer Sp
Version 1.0.5
Realplayer Sp
Version 1.1.1
Realplayer Sp
Version 1.1.2
Realplayer Sp
Version 1.1.3
Realplayer Sp
Version 1.1.4
Realplayer Sp
Version 1.1.5
Realplayer Sp
Version 1.1

References (14)

Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.