Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2010-4388
HistoryDec 14, 2010 - 4:00 p.m.

CVE-2010-4388

2010-12-1416:00:04
CWE-20
[email protected]
web.nvd.nist.gov
23
cve-2010-4388
realnetworks
realplayer
remote code injection
activex controls

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.067 Low

EPSS

Percentile

93.9%

JSON

The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.

Affected configurations

NVD
Node
realnetworksrealplayerMatch11.0
OR
realnetworksrealplayerMatch11.0.1
OR
realnetworksrealplayerMatch11.0.2
OR
realnetworksrealplayerMatch11.0.3
OR
realnetworksrealplayerMatch11.0.4
OR
realnetworksrealplayerMatch11.0.5
OR
realnetworksrealplayerMatch11.1
Node
realnetworksrealplayer_spMatch1.0.0
OR
realnetworksrealplayer_spMatch1.0.1
OR
realnetworksrealplayer_spMatch1.0.2
OR
realnetworksrealplayer_spMatch1.0.5
OR
realnetworksrealplayer_spMatch1.1
OR
realnetworksrealplayer_spMatch1.1.1
OR
realnetworksrealplayer_spMatch1.1.2
OR
realnetworksrealplayer_spMatch1.1.3
OR
realnetworksrealplayer_spMatch1.1.4
OR
realnetworksrealplayer_spMatch1.1.5
Node
realnetworksrealplayerMatch2.1.2enterprise
OR
realnetworksrealplayerMatch2.1.3enterprise

Related

nvd 1
cvelist 1
prion 1
zdi 3
openvas 2
nessus 2
nvd
nvd
CVE-2010-4388
2010-12-14 16:00:04
cvelist
cvelist
CVE-2010-4388
2010-12-14 15:00:00
prion
prion
Code injection
2010-12-14 16:00:00
zdi
zdi
RealNetworks RealPlayer Upsell.htm getqsval Remote Code Execution Vulnerability
2010-12-10 00:00:00
RealNetworks RealPlayer Main.html Remote Code Execution Vulnerability
2010-12-10 00:00:00
RealNetworks RealPlayer Custsupport.html Remote Code Execution Vulnerability
2010-12-10 00:00:00
openvas
openvas
RealNetworks RealPlayer Multiple Vulnerabilities (Dec 2010) - Windows
2010-12-29 00:00:00
RealNetworks RealPlayer Multiple Vulnerabilities (Windows) - Dec10
2010-12-29 00:00:00
nessus
nessus
Real Networks RealPlayer < 14.0.1.609 (Build 12.0.1.609) Multiple Vulnerabilities
2010-11-15 00:00:00
RealPlayer for Windows < Build 12.0.1.609 Multiple Vulnerabilities
2010-11-16 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.067 Low

EPSS

Percentile

93.9%

JSON
Related for CVE-2010-4388
nvd1cvelist1prion1zdi3openvas2nessus2