The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 up to and including 11.1, RealPlayer SP 1.0 up to and including 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote malicious users to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
realnetworks realplayer 11.1 |
||
realnetworks realplayer 11.0.2 |
||
realnetworks realplayer 11.0.3 |
||
realnetworks realplayer 11.0 |
||
realnetworks realplayer 11.0.1 |
||
realnetworks realplayer 11.0.4 |
||
realnetworks realplayer 11.0.5 |
||
realnetworks realplayer sp 1.1.3 |
||
realnetworks realplayer sp 1.1.4 |
||
realnetworks realplayer sp 1.0.5 |
||
realnetworks realplayer sp 1.1 |
||
realnetworks realplayer sp 1.0.0 |
||
realnetworks realplayer sp 1.0.1 |
||
realnetworks realplayer sp 1.0.2 |
||
realnetworks realplayer sp 1.1.5 |
||
realnetworks realplayer sp 1.1.1 |
||
realnetworks realplayer sp 1.1.2 |
||
realnetworks realplayer 2.1.2 |
||
realnetworks realplayer 2.1.3 |