RealNetworks RealPlayer "OpenURLInDefaultBrowser()" Vulnerability

Last Update Date: 19 Apr 2011 Release Date: 15 Apr 2011 5668 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

A vulnerability has been identified in RealNetworks RealPlayer, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an error within the "OpenURLInDefaultBrowser()" method when processing user-supplied parameters, which could allow an attacker to execute arbitrary code via a specially crafted ".rnx" file.

Impact

  • Remote Code Execution

System / Technologies affected

  • RealNetworks RealPlayer versions 11.0 through 11.1
  • RealNetworks RealPlayer versions 14.0.0 through 14.0.2
  • RealNetworks RealPlayer SP versions 1.0 through 1.1.5

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Upgrade to RealPlayer version 14.0.3.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Google Chrome Flash Content Processing Code Execution Vulnerability

13 Apr 2011 5229 Views

Next

Apple Safari WebKit Multiple Vulnerabilities

15 Apr 2011 5622 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY