CVE-2011-0694

2011-02-2118:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

realnetworks

realplayer

cve-2011-0694

cross-domain scripting

arbitrary code execution

security vulnerability

nvd

7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.419 Medium

EPSS

Percentile

97.3%

JSON

RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function.

CPENameOperatorVersion
realnetworks:realplayerrealnetworks realplayereq11.0
realnetworks:realplayerrealnetworks realplayereq11.1
realnetworks:realplayerrealnetworks realplayereq14.0.1
realnetworks:realplayerrealnetworks realplayereq14.0.0
realnetworks:realplayer_sprealnetworks realplayer speq1.0.1
realnetworks:realplayer_sprealnetworks realplayer speq1.1.5
realnetworks:realplayer_sprealnetworks realplayer speq1.1.3
realnetworks:realplayer_sprealnetworks realplayer speq1.0.0
realnetworks:realplayer_sprealnetworks realplayer speq1.0.2
realnetworks:realplayer_sprealnetworks realplayer speq1.1

CPE	Name	Operator	Version
realnetworks:realplayer	realnetworks realplayer	eq	11.0
realnetworks:realplayer	realnetworks realplayer	eq	11.1
realnetworks:realplayer	realnetworks realplayer	eq	14.0.1
realnetworks:realplayer	realnetworks realplayer	eq	14.0.0
realnetworks:realplayer_sp	realnetworks realplayer sp	eq	1.0.1
realnetworks:realplayer_sp	realnetworks realplayer sp	eq	1.1.5
realnetworks:realplayer_sp	realnetworks realplayer sp	eq	1.1.3
realnetworks:realplayer_sp	realnetworks realplayer sp	eq	1.0.0
realnetworks:realplayer_sp	realnetworks realplayer sp	eq	1.0.2
realnetworks:realplayer_sp	realnetworks realplayer sp	eq	1.1