VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 24, 2011· Updated Apr 29, 2026

CVE-2011-4252

CVE-2011-4252

Description

RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 contain a flaw in the RV10 codec that allows remote code execution via a crafted sample height.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 contain a flaw in the RV10 codec that allows remote code execution via a crafted sample height.

Vulnerability

The RV10 codec in RealNetworks RealPlayer versions before 15.0.0 and Mac RealPlayer before 12.0.0.1703 contains a memory corruption vulnerability. A crafted sample height value in an RV10-encoded media stream can trigger the flaw. The code path is reachable when a user opens a malicious media file or visits a web page that embeds the content [1].

Exploitation

An attacker can exploit this vulnerability by crafting a media file with a specially set sample height value in the RV10 codec data. The attacker must convince the victim to open the malicious file or visit a webpage hosting the embedded content. No additional authentication or privileges are required beyond normal user interaction [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code on the victim's system. The attacker gains the same privileges as the currently logged-in user, which could lead to full system compromise, including data theft, installation of malware, or further network propagation [1].

Mitigation

RealNetworks addressed this vulnerability in RealPlayer 15.0.0 and Mac RealPlayer 12.0.0.1703. Users should upgrade to the latest available versions. No workaround is documented; the only mitigation is applying the vendor-provided patch [1].

References
  1. Home to the video player and downloader, RealPlayer from RealNetworks

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

39
  • RealNetworks/Realplayer39 versions
    cpe:2.3:a:realnetworks:realplayer:*:*:*:*:*:*:*:*+ 38 more
    • cpe:2.3:a:realnetworks:realplayer:*:*:*:*:*:*:*:*range: <=14.0.7
    • cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.0.0.305:*:mac_os:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.0.0.331:*:mac_os:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.0:*:mac_os_x:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.1:*:mac_os_x:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.2.2315:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11_build_6.0.14.748:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:12.0.0.1444:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:12.0.0.1548:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:12.0.0.1569:*:mac_os:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.1.609:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.1.633:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:14.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:4:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:5:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:6:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:7:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:7.0:*:mac_os:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:8:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:8.0:*:mac_os:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:*:*:mac_os:*:*:*:*:*range: <=12.0.0.1701
    • (no CPE)range: <15.0.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.