The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 up to and including 11.1 and 14.0.0 up to and including 14.0.2, and RealPlayer SP 1.0 up to and including 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote malicious users to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
realnetworks realplayer 11.1 |
||
realnetworks realplayer 11.0 |
||
realnetworks realplayer 14.0.2 |
||
realnetworks realplayer 14.0.0 |
||
realnetworks realplayer 14.0.1 |
||
realnetworks realplayer sp 1.0.1 |
||
realnetworks realplayer sp 1.1.3 |
||
realnetworks realplayer sp 1.1.2 |
||
realnetworks realplayer sp 1.1.5 |
||
realnetworks realplayer sp 1.0.0 |
||
realnetworks realplayer sp 1.1 |
||
realnetworks realplayer sp 1.0.2 |
||
realnetworks realplayer sp 1.1.4 |
||
realnetworks realplayer sp 1.1.1 |
||
realnetworks realplayer sp 1.0.5 |