9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.419 Medium
EPSS
Percentile
97.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the temporary file naming scheme used for storage of references to Real Media files. This easily predictable temporary filename can be brute forced and used in combination with the OpenURLinPlayerBrowser function available in classid:FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 to execute the file. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.