CVE-2011-0694

RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:realnetworks:realplayer:2.0:*:enterprise:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:2.1:*:enterprise:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:2.1.4:*:enterprise:*:*:*:*:*

History

21 Nov 2024, 01:24

Type Values Removed Values Added
References () http://docs.real.com/docs/security/SecurityUpdate020811RPE.pdf - Vendor Advisory () http://docs.real.com/docs/security/SecurityUpdate020811RPE.pdf - Vendor Advisory
References () http://osvdb.org/70849 - () http://osvdb.org/70849 -
References () http://secunia.com/advisories/43268 - Vendor Advisory () http://secunia.com/advisories/43268 - Vendor Advisory
References () http://securityreason.com/securityalert/8098 - () http://securityreason.com/securityalert/8098 -
References () http://service.real.com/realplayer/security/02082011_player/en/ - Vendor Advisory () http://service.real.com/realplayer/security/02082011_player/en/ - Vendor Advisory
References () http://www.securityfocus.com/archive/1/516318/100/0/threaded - () http://www.securityfocus.com/archive/1/516318/100/0/threaded -
References () http://www.securitytracker.com/id?1025058 - () http://www.securitytracker.com/id?1025058 -
References () http://www.zerodayinitiative.com/advisories/ZDI-11-076 - () http://www.zerodayinitiative.com/advisories/ZDI-11-076 -

Information

Published : 2011-02-21 18:00

Updated : 2024-11-21 01:24


NVD link : CVE-2011-0694

Mitre link : CVE-2011-0694

CVE.ORG link : CVE-2011-0694


JSON object : View

Products Affected

realnetworks

  • realplayer_sp
  • realplayer