9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.961 High
EPSS
Percentile
99.5%
This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site. The specific flaw exists in the rmoc3260 ActiveX control exposed through the following CLSIDs: CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA 0FDF6D6B-D672-463B-846E-C6FF49109662 224E833B-2CC6-42D9-AE39-90B6A38A4FA2 2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93 3B46067C-FD87-49B6-8DDD-12F0D687035F 3B5E0503-DE28-4BE8-919C-76E0E894A3C2 44CCBCEB-BA7E-4C99-A078-9F683832D493 A1A41E11-91DB-4461-95CD-0C02327FD934 CFCDA953-8BE4-11CF-B84B-0020AFBBCCFA Specifying malicious values for the ‘Controls’ or ‘Console’ properties with a specific timing results in a memory corruption which can lead to code execution under the context of the current user.