CVE-2011-1525

Current Description

Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file.

Basic Data

Published: April 06, 2011
Last Modified: October 09, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
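    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Realnetworks | Realplayer | 4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 10.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 10.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 11.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 11.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 11.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 11.0.2.1744 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 11.0.2.2315 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 11.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 11.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 11.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 11.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 11.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 11_build_6.0.14.748 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 12.0.0.1444 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 12.0.0.1548 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 14.0.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 14.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | 14.0.1.609 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Realnetworks | Realplayer | * | * | * | * | * | * | * | * | | 14.0.1.633 | |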

Vulnerable Software List

Vendor | Product | Versions
Realnetworks | Realplayer | *, 10.0, 10.5, 11.0, 11.0.1, 11.0.2, 11.0.2.1744, 11.0.2.2315, 11.0.3, 11.0.4, 11.0.5, 11.1, 11.1.3, 11_build_6.0.14.748, 12.0.0.1444, 12.0.0.1548, 14.0.0, 14.0.1, 14.0.1.609, 4, 5, 6, 7, 8

References

Name | Source | URL | Tags
http://aluigi.org/adv/real_5-adv.txt | MISC | http://aluigi.org/adv/real_5-adv.txt | Exploit
71260 | OSVDB | http://osvdb.org/71260 |
43847 | SECUNIA | http://secunia.com/advisories/43847 | Vendor Advisory
8181 | SREASON | http://securityreason.com/securityalert/8181 |
http://service.real.com/realplayer/security/04122011_player/en/ | CONFIRM | http://service.real.com/realplayer/security/04122011_player/en/ |
17019 | EXPLOIT-DB | http://www.exploit-db.com/exploits/17019 | Exploit
20110321 Heap overflow in RealPlayer 14.0.1.633 | BUGTRAQ | http://www.securityfocus.com/archive/1/517083/100/0/threaded |
46946 | BID | http://www.securityfocus.com/bid/46946 | Exploit
1025245 | SECTRACK | http://www.securitytracker.com/id?1025245 |
realplayer-ivr-bo(66209) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/66209 |