CVE-2011-1525
Description
Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
RealPlayer 14.0.1.633 - Heap Overflow
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| realnetworks | realplayer | {"endIncluding":"14.0.1.633"} | |
| realnetworks | realplayer | 4 | |
| realnetworks | realplayer | 5 | |
| realnetworks | realplayer | 6 | |
| realnetworks | realplayer | 7 | |
| realnetworks | realplayer | 8 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 11.0 | |
| realnetworks | realplayer | 11.0.1 | |
| realnetworks | realplayer | 11.0.2 | |
| realnetworks | realplayer | 11.0.2.1744 | |
| realnetworks | realplayer | 11.0.2.2315 | |
| realnetworks | realplayer | 11.0.3 | |
| realnetworks | realplayer | 11.0.4 | |
| realnetworks | realplayer | 11.0.5 | |
| realnetworks | realplayer | 11.1 | |
| realnetworks | realplayer | 11.1.3 | |
| realnetworks | realplayer | 11_build_6.0.14.748 | |
| realnetworks | realplayer | 12.0.0.1444 | |
| realnetworks | realplayer | 12.0.0.1548 | |
| realnetworks | realplayer | 14.0.0 | |
| realnetworks | realplayer | 14.0.1 | |
| realnetworks | realplayer | 14.0.1.609 | |
References
- http://aluigi.org/adv/real_5-adv.txt
- http://osvdb.org/71260
- http://secunia.com/advisories/43847
- http://securityreason.com/securityalert/8181
- http://service.real.com/realplayer/security/04122011_player/en/
- http://www.exploit-db.com/exploits/17019
- http://www.securityfocus.com/archive/1/517083/100/0/threaded
- http://www.securityfocus.com/bid/46946
- http://www.securitytracker.com/id?1025245
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66209
- http://aluigi.org/adv/real_5-adv.txt
- http://osvdb.org/71260
- http://secunia.com/advisories/43847
- http://securityreason.com/securityalert/8181
- http://service.real.com/realplayer/security/04122011_player/en/
- http://www.exploit-db.com/exploits/17019
- http://www.securityfocus.com/archive/1/517083/100/0/threaded
- http://www.securityfocus.com/bid/46946
- http://www.securitytracker.com/id?1025245
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66209
CWEs
CWE-119
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.