CVE-2010-4388
N/A
N/A
Summary
The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.zerodayinitiative.com/advisories/ZDI-10-276
- http://www.zerodayinitiative.com/advisories/ZDI-10-278
- http://osvdb.org/69859
- http://osvdb.org/69858
- http://www.securitytracker.com/id?1024861
- http://service.real.com/realplayer/security/12102010_player/en/
- http://osvdb.org/69857
- http://www.zerodayinitiative.com/advisories/ZDI-10-277
References
- http://www.zerodayinitiative.com/advisories/ZDI-10-276
- http://www.zerodayinitiative.com/advisories/ZDI-10-278
- http://osvdb.org/69859
- http://osvdb.org/69858
- http://www.securitytracker.com/id?1024861
- http://service.real.com/realplayer/security/12102010_player/en/
- http://osvdb.org/69857
- http://www.zerodayinitiative.com/advisories/ZDI-10-277
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.