What is the severity of CVE-2022-32270?

CVE-2022-32270 is classified as a critical vulnerability due to its potential for remote code execution.

How do I fix CVE-2022-32270?

To mitigate CVE-2022-32270, users should update to the latest version of Real Player, which addresses this vulnerability.

What types of attacks can CVE-2022-32270 enable?

CVE-2022-32270 can enable arbitrary file downloads, directory traversal, and potentially remote code execution.

Which versions of Real Player are affected by CVE-2022-32270?

CVE-2022-32270 affects Real Player versions 20.0.7.309 and 20.0.8.310.

What is the primary cause of the vulnerability CVE-2022-32270?

The vulnerability CVE-2022-32270 is caused by the external::Import() function allowing unauthorized file downloads and directory traversal.

Vulnerability/
CVE-2022-32270

critical

9.8

CWE

3/6/2022

3/8/2024

CVE-2022-32270: Path Traversal

First published: Fri Jun 03 2022(Updated: )

In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
RealPlayer	=20.0.7.309
RealPlayer	=20.0.8.310

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-32270?
CVE-2022-32270 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2022-32270?
To mitigate CVE-2022-32270, users should update to the latest version of Real Player, which addresses this vulnerability.
What types of attacks can CVE-2022-32270 enable?
CVE-2022-32270 can enable arbitrary file downloads, directory traversal, and potentially remote code execution.
Which versions of Real Player are affected by CVE-2022-32270?
CVE-2022-32270 affects Real Player versions 20.0.7.309 and 20.0.8.310.
What is the primary cause of the vulnerability CVE-2022-32270?
The vulnerability CVE-2022-32270 is caused by the external::Import() function allowing unauthorized file downloads and directory traversal.

agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/severity
agent/author
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/realnetworks
canonical/realplayer
version/realplayer/20.0.7.309
version/realplayer/20.0.8.310

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2022-32270?
CVE-2022-32270 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2022-32270?
To mitigate CVE-2022-32270, users should update to the latest version of Real Player, which addresses this vulnerability.
What types of attacks can CVE-2022-32270 enable?
CVE-2022-32270 can enable arbitrary file downloads, directory traversal, and potentially remote code execution.
Which versions of Real Player are affected by CVE-2022-32270?
CVE-2022-32270 affects Real Player versions 20.0.7.309 and 20.0.8.310.
What is the primary cause of the vulnerability CVE-2022-32270?
The vulnerability CVE-2022-32270 is caused by the external::Import() function allowing unauthorized file downloads and directory traversal.