Lucene search

PRIOn knowledge basePRION:CVE-2011-0694

HistoryFeb 21, 2011 - 6:00 p.m.

Cross site scripting

2011-02-2118:00:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.419 Medium

EPSS

Percentile

97.2%

JSON

RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function.

CPENameOperatorVersion
realplayereq11.0
realplayereq11.1
realplayereq14.0.1
realplayereq14.0.0
realplayereq2.1 enterprise
realplayereq2.1.3 enterprise
realplayereq2.1.2 enterprise
realplayereq2.0 enterprise
realplayereq2.1.4 enterprise
realplayer_speq1.0.1

Name	Operator	Version
realplayer	eq	11.0
realplayer	eq	11.1
realplayer	eq	14.0.1
realplayer	eq	14.0.0
realplayer	eq	2.1 enterprise
realplayer	eq	2.1.3 enterprise
realplayer	eq	2.1.2 enterprise
realplayer	eq	2.0 enterprise
realplayer	eq	2.1.4 enterprise
realplayer_sp	eq	1.0.1

Rows per page:

1-10 of 191

References

docs.real.com/docs/security/SecurityUpdate020811RPE.pdf

osvdb.org/70849

secunia.com/advisories/43268

securityreason.com/securityalert/8098

service.real.com/realplayer/security/02082011_player/en/

www.securityfocus.com/archive/1/516318/100/0/threaded

www.securitytracker.com/id?1025058

www.zerodayinitiative.com/advisories/ZDI-11-076

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.419 Medium

EPSS

Percentile

97.2%

JSON

Related for PRION:CVE-2011-0694