Main Vulnerability Database Vulnerabilities #VU44499

Input validation error in RealPlayer - CVE-2011-4249

Published: November 24, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44499

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2011-4249

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: RealNetworks

Affected software:
RealPlayer

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.

How to mitigate CVE-2011-4249

Install update from vendor's website.

Sources

http://service.real.com/realplayer/security/11182011_player/en/

Input validation error in RealPlayer - CVE-2011-4249

Detailed vulnerability description

How to mitigate CVE-2011-4249

Sources

Please verify you're human