Real Networks RealPlayer CVE-2011-2946 ActiveX Control Remote Code Execution Vulnerability

Real Networks RealPlayer CVE-2011-2946 ActiveX Control Remote Code Execution Vulnerability

Real Networks RealPlayer is prone to a remote code-execution vulnerability because it fails to sufficiently validate user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

Versions prior to RealPlayer 14.0.6 for Windows and RealPlayer Enterprise 2.1.6 are vulnerable.

NOTE: This issue was previously discussed in BID 49169 (Real Networks RealPlayer Multiple Remote Vulnerabilities) but has been given its own records to better document it.