The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2010-10-18 17:00
Updated : 2011-01-25 22:51
NVD link : CVE-2010-3749
Mitre link : CVE-2010-3749
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
realnetworks
- realplayer_sp
- realplayer