CVE-2010-4388

Опубликовано: 14 дек. 2010

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*

cpe:2.3:a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*

EPSS

Процентиль: 59%

0.00386

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-qw2f-744w-3w38

github

больше 3 лет назад

EPSS

Процентиль: 59%

0.00386

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20