VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 24, 2011· Updated Apr 29, 2026

CVE-2011-4247

CVE-2011-4247

Description

RealNetworks RealPlayer before 15.0.0 is vulnerable to remote code execution via a crafted QCELP stream.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

RealNetworks RealPlayer before 15.0.0 is vulnerable to remote code execution via a crafted QCELP stream.

Vulnerability

RealNetworks RealPlayer versions prior to 15.0.0 contain a vulnerability that allows remote attackers to execute arbitrary code via a specially crafted QCELP stream [1]. The issue resides in the handling of QCELP audio data, which can be triggered when a user opens a malicious media file.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious QCELP stream and delivering it to a victim, typically through a web page or email attachment. No authentication is required; the victim only needs to open the file with an affected version of RealPlayer [1].

Impact

Successful exploitation results in arbitrary code execution in the context of the logged-on user. This could allow the attacker to install programs, view, change, or delete data, or create new accounts with full user rights [1].

Mitigation

The vulnerability is fixed in RealPlayer 15.0.0 and later. Users should upgrade to the latest version as provided by RealNetworks [1]. No workarounds are documented.

References
  1. Home to the video player and downloader, RealPlayer from RealNetworks

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

31
  • RealNetworks/Realplayer31 versions
    cpe:2.3:a:realnetworks:realplayer:*:*:*:*:*:*:*:*+ 30 more
    • cpe:2.3:a:realnetworks:realplayer:*:*:*:*:*:*:*:*range: <=14.0.7
    • cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.2.2315:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11_build_6.0.14.748:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:12.0.0.1444:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:12.0.0.1548:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.1.609:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.1.633:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:4:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:5:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:6:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:7:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:8:*:*:*:*:*:*:*
    • (no CPE)range: <15.0.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.