CVE-2010-4388: Input Validation
First published: Tue Dec 14 2010(Updated: )
The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Realnetworks Realplayer | =11.0 | |
| Realnetworks Realplayer | =11.0.4 | |
| Realnetworks Realplayer | =11.0.2 | |
| Realnetworks Realplayer | =11.0.3 | |
| Realnetworks Realplayer | =11.0.5 | |
| Realnetworks Realplayer | =11.1 | |
| Realnetworks Realplayer | =11.0.1 | |
| Realnetworks Realplayer Sp | =1.0.1 | |
| Realnetworks Realplayer Sp | =1.1.5 | |
| Realnetworks Realplayer Sp | =1.1.3 | |
| Realnetworks Realplayer Sp | =1.0.0 | |
| Realnetworks Realplayer Sp | =1.0.2 | |
| Realnetworks Realplayer Sp | =1.1 | |
| Realnetworks Realplayer Sp | =1.1.2 | |
| Realnetworks Realplayer Sp | =1.1.4 | |
| Realnetworks Realplayer Sp | =1.1.1 | |
| Realnetworks Realplayer Sp | =1.0.5 | |
| Realnetworks Realplayer | =2.1.3 | |
| Realnetworks Realplayer | =2.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/69857
- http://osvdb.org/69858
- http://osvdb.org/69859
- http://service.real.com/realplayer/security/12102010_player/en/
- http://www.securitytracker.com/id?1024861
- http://www.zerodayinitiative.com/advisories/ZDI-10-276
- http://www.zerodayinitiative.com/advisories/ZDI-10-277
- http://www.zerodayinitiative.com/advisories/ZDI-10-278
- collector/nvd-index
- collector/nvd-historical
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/realnetworks
- canonical/realnetworks realplayer
- version/realnetworks realplayer/11.0
- version/realnetworks realplayer/11.0.1
- version/realnetworks realplayer/11.0.2
- version/realnetworks realplayer/11.0.3
- version/realnetworks realplayer/11.0.4
- version/realnetworks realplayer/11.0.5
- version/realnetworks realplayer/11.1
- canonical/realnetworks realplayer sp
- version/realnetworks realplayer sp/1.0.0
- version/realnetworks realplayer sp/1.0.1
- version/realnetworks realplayer sp/1.0.2
- version/realnetworks realplayer sp/1.0.5
- version/realnetworks realplayer sp/1.1
- version/realnetworks realplayer sp/1.1.1
- version/realnetworks realplayer sp/1.1.2
- version/realnetworks realplayer sp/1.1.3
- version/realnetworks realplayer sp/1.1.4
- version/realnetworks realplayer sp/1.1.5
- version/realnetworks realplayer/2.1.2
- version/realnetworks realplayer/2.1.3