Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
RealNetworks RealPlayer 'OpenURLInDefaultBrowser()' Code Execution Vulnerability (Windows)
Information
Severity
Severity
Critical
Family
Family
General
CVSSv2 Base
CVSSv2 Base
9.3
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Solution Type
Solution Type
Vendor Patch
Created
Created
12 years ago
Modified
Modified
5 years ago
Summary
This host is installed with RealPlayer which is prone to Code Execution Vulnerability.
Insight
Insight
The flaw is caused by an error within the 'OpenURLInDefaultBrowser()' method when processing user-supplied parameters, which could allow an attacker to execute arbitrary code via a specially crafted '.rnx' file.
Affected Software
Affected Software
RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.5 (12.x) RealPlayer versions 14.0.0 through 14.0.2
Solution
Solution
Upgrade to RealPlayer version 14.0.3 or later.