RealNetworks RealPlayer 11.0 up to and including 11.1, SP 1.0 up to and including 1.1.5, and 14.0.0 up to and including 14.0.1, and Enterprise 2.0 up to and including 2.1.4, uses predictable names for temporary files, which allows remote malicious users to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
realnetworks realplayer 11.0 |
||
realnetworks realplayer 11.1 |
||
realnetworks realplayer 14.0.0 |
||
realnetworks realplayer 14.0.1 |
||
realnetworks realplayer sp 1.1.1 |
||
realnetworks realplayer sp 1.0.5 |
||
realnetworks realplayer sp 1.0.2 |
||
realnetworks realplayer sp 1.0.0 |
||
realnetworks realplayer sp 1.0.1 |
||
realnetworks realplayer sp 1.1.3 |
||
realnetworks realplayer sp 1.1.2 |
||
realnetworks realplayer sp 1.1.5 |
||
realnetworks realplayer sp 1.1.4 |
||
realnetworks realplayer sp 1.1 |
||
realnetworks realplayer 2.1 |
||
realnetworks realplayer 2.1.2 |
||
realnetworks realplayer 2.0 |
||
realnetworks realplayer 2.1.3 |
||
realnetworks realplayer 2.1.4 |
Vulmon