CVE-2010-3749

Опубликовано: 19 окт. 2010

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05823

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-6p5r-m5h8-g9rj

github

больше 3 лет назад