The browser-plugin implementation in RealNetworks RealPlayer 11.0 up to and including 11.1 and RealPlayer SP 1.0 up to and including 1.1 allows remote malicious users to arguments to the RecordClip method, which allows remote malicious users to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
realnetworks realplayer 11.1 |
||
realnetworks realplayer 11.0 |
||
realnetworks realplayer 11.0.1 |
||
realnetworks realplayer 11.0.4 |
||
realnetworks realplayer 11.0.5 |
||
realnetworks realplayer 11.0.2 |
||
realnetworks realplayer 11.0.3 |
||
realnetworks realplayer sp 1.0.1 |
||
realnetworks realplayer sp 1.0.0 |
||
realnetworks realplayer sp 1.1.3 |
||
realnetworks realplayer sp 1.1.4 |
||
realnetworks realplayer sp 1.1.1 |
||
realnetworks realplayer sp 1.1.2 |
||
realnetworks realplayer sp 1.0.2 |
||
realnetworks realplayer sp 1.0.5 |
||
realnetworks realplayer sp 1.1 |