GCVE - cpe:2.3:a:realnetworks:realplayer:2.1.5:*:enterprise:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:realnetworks:realplayer:2.1.5:*:enterprise:*:*:*:*:*

part: a version: 2.1.5 update: *

Vendor	Realnetworks (`944b0662-a257-59bc-8fc3-d9f6c6d401e0`)
Product	Realplayer (`51c5929e-545a-5233-af39-c6f980255b80`)
Edition	enterprise
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-2955`	vulnerable	2026-06-03 14:31:11.428440	Details available Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog. Published: 2011-08-18T23:00:00.000Z Updated: 2024-08-06T23:15:32.095Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1025943 http://service.real.com/realplayer/security/08162011_player/en/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2953`	vulnerable	2026-06-03 14:31:11.427046	Details available An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition. Published: 2011-08-18T23:00:00.000Z Updated: 2024-08-06T23:15:31.942Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1025943 http://service.real.com/realplayer/security/08162011_player/en/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2952`	vulnerable	2026-06-03 14:31:11.426283	Details available Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box. Published: 2011-08-18T23:00:00.000Z Updated: 2024-08-06T23:15:31.942Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1025943 http://service.real.com/realplayer/security/08162011_player/en/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2949`	vulnerable	2026-06-03 14:31:11.424072	Details available Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file. Published: 2011-08-18T23:00:00.000Z Updated: 2024-08-06T23:15:31.953Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1025943 http://service.real.com/realplayer/security/08162011_player/en/ http://zerodayinitiative.com/advisories/ZDI-11-267/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2948`	vulnerable	2026-06-03 14:31:11.414806	Details available RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file. Published: 2011-08-18T23:00:00.000Z Updated: 2024-08-06T23:15:31.991Z Open on db.gcve.eu Reference links http://zerodayinitiative.com/advisories/ZDI-11-268/ http://www.securitytracker.com/id?1025943 http://service.real.com/realplayer/security/08162011_player/en/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2946`	vulnerable	2026-06-03 14:31:11.413279	Details available Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors. Published: 2011-08-18T23:00:00.000Z Updated: 2024-08-06T23:15:32.055Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1025943 http://service.real.com/realplayer/security/08162011_player/en/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1221`	vulnerable	2026-06-03 14:30:59.729762	Details available Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947. Published: 2011-10-04T22:00:00.000Z Updated: 2024-09-17T02:32:51.446Z Open on db.gcve.eu Reference links http://service.real.com/realplayer/security/08162011_player/en/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Realplayer

PURL mappings

Vulnerability references

Contribute