CVE-2011-2948

{"id": "CVE-2011-2948", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-08-18T23:55:00.913", "references": [{"url": "http://service.real.com/realplayer/security/08162011_player/en/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1025943", "source": "cve@mitre.org"}, {"url": "http://zerodayinitiative.com/advisories/ZDI-11-268/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file."}, {"lang": "es", "value": "RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, RealPlayer SP v1.0 a v1.1.5, RealPlayer Enterprise v2.0 a v2.1.5 y Mac RealPlayer v12.0.0.1569 no gestionan adecuadamente los campos DEFINEFONT en los archivos SWF, lo que permite ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria heap) a atacantes remotos a trav\u00e9s de un archivo debidamente modificado."}], "lastModified": "2011-10-06T02:50:42.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D03738C3-D659-488D-B285-64A496C0F1FB"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E70D263C-820C-4399-9215-D69082024287"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F6486B4-AEDB-428C-9F10-A494681577D4"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:14.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D825DDF3-5D19-403E-8990-58521314E99B"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:14.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27B4A01C-B07A-4879-926B-8C5F272F5662"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:14.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9EA3EBA-DDB3-4C2E-BC78-9225E4D65C6E"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:14.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FEB9795-829C-4F2A-A796-EF0025E993F4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53D7AE43-A3AC-4B38-B0A3-E6F02834224F"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59FEDCDF-9FBF-4D08-A50F-FF92763DFC21"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54A11B3A-547C-4F2F-A58E-DE06DBBE8115"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7243D80-913D-405C-9988-B8473DB1A5DC"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4C6D399-FF31-441D-A363-BD53CFE5569A"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9818A6FB-2CF5-4236-8EFE-95458D603CC1"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73CC0582-D889-4907-A32E-218AC2B0591F"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B5DD6CF-CCC7-40DD-A6CA-B9BBC339998F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:2.0:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58276A5F-A6A2-470F-9739-878B7785C3E7"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E2BC096-43B6-4696-8467-CC3D0163EFF5"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A29D4B9-DD00-43F6-ACEA-B830FDFC1E5C"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:2.1.4:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "320D3DA6-DD8C-4423-84E5-55906D47BD6B"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:2.1.5:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBE40E84-0053-4173-A60F-53979881E41F"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:12.0.0.1569:*:mac_os:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A1083BF-25B9-44A6-B376-CC39EEACF493"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}