CVE-2011-1525

Published: Apr 6, 2011Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file.

Affected (24)

Products: Realnetworks: Realplayer

1 product

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Realplayer	Up to 14.0.1.633
Realnetworks Realplayer	Version 10.0
Realnetworks Realplayer	Version 10.5
Realnetworks Realplayer	Version 11.0.1
Realnetworks Realplayer	Version 11.0.2.1744
Realnetworks Realplayer	Version 11.0.2.2315
Realnetworks Realplayer	Version 11.0.2
Realnetworks Realplayer	Version 11.0.3
Realnetworks Realplayer	Version 11.0.4
Realnetworks Realplayer	Version 11.0.5
Realnetworks Realplayer	Version 11.0
Realnetworks Realplayer	Version 11.1.3
Realnetworks Realplayer	Version 11.1
Realnetworks Realplayer	Version 11_build_6.0.14.748
Realnetworks Realplayer	Version 12.0.0.1444
Realnetworks Realplayer	Version 12.0.0.1548
Realnetworks Realplayer	Version 14.0.0
Realnetworks Realplayer	Version 14.0.1.609
Realnetworks Realplayer	Version 14.0.1
Realnetworks Realplayer	Version 4
Realnetworks Realplayer	Version 5
Realnetworks Realplayer	Version 6
Realnetworks Realplayer	Version 7
Realnetworks Realplayer	Version 8

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (20)

http://aluigi.org/adv/real_5-adv.txt

Source: cve@mitre.org

Exploit

http://osvdb.org/71260

Source: cve@mitre.org

http://secunia.com/advisories/43847

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/8181

Source: cve@mitre.org

http://service.real.com/realplayer/security/04122011_player/en/

Source: cve@mitre.org

http://www.exploit-db.com/exploits/17019

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/517083/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/46946

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id?1025245

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/66209

Source: cve@mitre.org

http://aluigi.org/adv/real_5-adv.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://osvdb.org/71260

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43847

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/8181

Source: af854a3a-2127-422b-91ae-364da2661108

http://service.real.com/realplayer/security/04122011_player/en/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/17019

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/517083/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/46946

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1025245

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/66209

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.