Lucene search

K
cve[email protected]CVE-2010-3749
HistoryOct 19, 2010 - 12:00 a.m.

CVE-2010-3749

2010-10-1900:00:01
CWE-94
web.nvd.nist.gov
20
cve-2010-3749
realnetworks
realplayer
browser-plugin
remote attackers
parameter injection
nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.455

Percentile

97.4%

The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka “parameter injection.”

Affected configurations

NVD
Node
realnetworksrealplayerMatch11.0
OR
realnetworksrealplayerMatch11.0.1
OR
realnetworksrealplayerMatch11.0.2
OR
realnetworksrealplayerMatch11.0.3
OR
realnetworksrealplayerMatch11.0.4
OR
realnetworksrealplayerMatch11.0.5
OR
realnetworksrealplayerMatch11.1
Node
realnetworksrealplayer_spMatch1.0.0
OR
realnetworksrealplayer_spMatch1.0.1
OR
realnetworksrealplayer_spMatch1.0.2
OR
realnetworksrealplayer_spMatch1.0.5
OR
realnetworksrealplayer_spMatch1.1
OR
realnetworksrealplayer_spMatch1.1.1
OR
realnetworksrealplayer_spMatch1.1.2
OR
realnetworksrealplayer_spMatch1.1.3
OR
realnetworksrealplayer_spMatch1.1.4
VendorProductVersionCPE
realnetworksrealplayer11.0.2cpe:/a:realnetworks:realplayer:11.0.2:::
realnetworksrealplayer11.1cpe:/a:realnetworks:realplayer:11.1:::
realnetworksrealplayer11.0.4cpe:/a:realnetworks:realplayer:11.0.4:::
realnetworksrealplayer11.0.1cpe:/a:realnetworks:realplayer:11.0.1:::
realnetworksrealplayer11.0.5cpe:/a:realnetworks:realplayer:11.0.5:::
realnetworksrealplayer11.0.3cpe:/a:realnetworks:realplayer:11.0.3:::
realnetworksrealplayer11.0cpe:/a:realnetworks:realplayer:11.0:::

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.455

Percentile

97.4%