Lucene search

MitreCVE-2011-2950

HistoryAug 18, 2011 - 11:55 p.m.

CVE-2011-2950

2011-08-1823:55:01

CWE-119

mitre

web.nvd.nist.gov

cve-2011-2950

buffer overflow

realnetworks

realplayer

remote code execution

qcp file

security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.944

Percentile

99.2%

JSON

Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.

Affected configurations

Nvd

Node

realnetworksrealplayerMatch11.0

realnetworksrealplayerMatch11.1

Node

realnetworksrealplayerMatch14.0.0

realnetworksrealplayerMatch14.0.1

realnetworksrealplayerMatch14.0.2

realnetworksrealplayerMatch14.0.3

realnetworksrealplayerMatch14.0.4

realnetworksrealplayerMatch14.0.5

Node

realnetworksrealplayer_spMatch1.0.0

realnetworksrealplayer_spMatch1.0.1

realnetworksrealplayer_spMatch1.0.2

realnetworksrealplayer_spMatch1.0.5

realnetworksrealplayer_spMatch1.1

realnetworksrealplayer_spMatch1.1.1

realnetworksrealplayer_spMatch1.1.2

realnetworksrealplayer_spMatch1.1.3

realnetworksrealplayer_spMatch1.1.4

realnetworksrealplayer_spMatch1.1.5

VendorProductVersionCPE
realnetworksrealplayer11.0cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
realnetworksrealplayer11.1cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*
realnetworksrealplayer14.0.0cpe:2.3:a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:*
realnetworksrealplayer14.0.1cpe:2.3:a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:*
realnetworksrealplayer14.0.2cpe:2.3:a:realnetworks:realplayer:14.0.2:*:*:*:*:*:*:*
realnetworksrealplayer14.0.3cpe:2.3:a:realnetworks:realplayer:14.0.3:*:*:*:*:*:*:*
realnetworksrealplayer14.0.4cpe:2.3:a:realnetworks:realplayer:14.0.4:*:*:*:*:*:*:*
realnetworksrealplayer14.0.5cpe:2.3:a:realnetworks:realplayer:14.0.5:*:*:*:*:*:*:*
realnetworksrealplayer_sp1.0.0cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
realnetworksrealplayer_sp1.0.1cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
realnetworks	realplayer	11.0	cpe:2.3:a:realnetworks:realplayer:11.0:::::::*
realnetworks	realplayer	11.1	cpe:2.3:a:realnetworks:realplayer:11.1:::::::*
realnetworks	realplayer	14.0.0	cpe:2.3:a:realnetworks:realplayer:14.0.0:::::::*
realnetworks	realplayer	14.0.1	cpe:2.3:a:realnetworks:realplayer:14.0.1:::::::*
realnetworks	realplayer	14.0.2	cpe:2.3:a:realnetworks:realplayer:14.0.2:::::::*
realnetworks	realplayer	14.0.3	cpe:2.3:a:realnetworks:realplayer:14.0.3:::::::*
realnetworks	realplayer	14.0.4	cpe:2.3:a:realnetworks:realplayer:14.0.4:::::::*
realnetworks	realplayer	14.0.5	cpe:2.3:a:realnetworks:realplayer:14.0.5:::::::*
realnetworks	realplayer_sp	1.0.0	cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:::::::*
realnetworks	realplayer_sp	1.0.1	cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:::::::*