Main Vulnerability Database Vulnerabilities #VU44489

Code Injection in RealPlayer - CVE-2011-4256

Published: November 24, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44489

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2011-4256

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: RealNetworks

Affected software:
RealPlayer

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.

How to mitigate CVE-2011-4256

Install update from vendor's website.

Sources

http://service.real.com/realplayer/security/11182011_player/en/

Code Injection in RealPlayer - CVE-2011-4256

Detailed vulnerability description

How to mitigate CVE-2011-4256

Sources

Please verify you're human