Lucene search
Martin BartekZDI-11-269HistoryAug 16, 2011 - 12:00 a.m.
RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability
2011-08-1600:00:00
Martin Bartek
www.zerodayinitiative.com
15
0.003 Low
EPSS
Percentile
71.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the fact that RealPlayer allows users to run local HTML files with scripting enabled without any warning. The RealPlayer ActiveX control can be scripted from a web browser to load local HTML files. This can lead to remote code execution under the context of the current user.
Related
cve
cve
CVE-2011-2947
2011-08-18 23:55:00
CVE-2011-1221
2022-10-03 16:15:10
prion
prion
Cross site scripting
2011-08-18 23:55:00
Cross site scripting
2011-10-04 22:55:00
nvd
nvd
CVE-2011-2947
2011-08-18 23:55:00
CVE-2011-1221
2011-10-04 22:55:01
cvelist
cvelist
CVE-2011-2947
2011-08-18 23:00:00
CVE-2011-1221
2022-10-03 16:15:10
openvas
openvas
RealNetworks RealPlayer Multiple Vulnerabilities (Windows) - Aug11
2011-08-31 00:00:00
RealNetworks RealPlayer Multiple Vulnerabilities (Aug 2011) - Windows
2011-08-31 00:00:00
RealNetworks RealPlayer Multiple Vulnerabilities (Windows) - Aug11
2011-08-31 00:00:00
nessus
nessus
Real Networks RealPlayer < 14.0.6.666 (Build 12.0.1.666) Multiple Vulnerabilities
2012-04-16 00:00:00
RealPlayer for Windows < Build 12.0.1.666 Multiple Vulnerabilities
2011-08-19 00:00:00
securityvulns
securityvulns
RealNetworks Realplayer multiple security vulnerabilities
2011-08-17 00:00:00