CVE-2022-32270: Path Traversal
First published: Fri Jun 03 2022(Updated: )
In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RealPlayer | =20.0.7.309 | |
| RealPlayer | =20.0.8.310 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-32270?
CVE-2022-32270 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2022-32270?
To mitigate CVE-2022-32270, users should update to the latest version of Real Player, which addresses this vulnerability.
What types of attacks can CVE-2022-32270 enable?
CVE-2022-32270 can enable arbitrary file downloads, directory traversal, and potentially remote code execution.
Which versions of Real Player are affected by CVE-2022-32270?
CVE-2022-32270 affects Real Player versions 20.0.7.309 and 20.0.8.310.
What is the primary cause of the vulnerability CVE-2022-32270?
The vulnerability CVE-2022-32270 is caused by the external::Import() function allowing unauthorized file downloads and directory traversal.
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/realnetworks
- canonical/realplayer
- version/realplayer/20.0.7.309
- version/realplayer/20.0.8.310