Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 up to and including 11.1, RealPlayer SP 1.0 up to and including 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote malicious users to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
realnetworks realplayer 11.0.4 |
||
realnetworks realplayer 11.0.5 |
||
realnetworks realplayer 11.0 |
||
realnetworks realplayer 11.0.1 |
||
realnetworks realplayer 11.0.2 |
||
realnetworks realplayer 11.0.3 |
||
realnetworks realplayer 11.1 |
||
realnetworks realplayer sp 1.1.2 |
||
realnetworks realplayer sp 1.1.3 |
||
realnetworks realplayer sp 1.0.1 |
||
realnetworks realplayer sp 1.0.2 |
||
realnetworks realplayer sp 1.1.5 |
||
realnetworks realplayer sp 1.1 |
||
realnetworks realplayer sp 1.1.1 |
||
realnetworks realplayer sp 1.0.0 |
||
realnetworks realplayer sp 1.1.4 |
||
realnetworks realplayer sp 1.0.5 |
||
realnetworks realplayer 2.1.2 |
Vulmon