CVE-2010-3749

RealNetworks RealPlayer - Code Injection

Title source: rule

Description

The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection."

Exploits (1)

exploitdb WORKING POC
by Sean de Regge · html · remote · windows
https://www.exploit-db.com/exploits/15991

Scores

EPSS 0.0582
EPSS Percentile 90.6%

Details

CWE
CWE-94
Status published
Products (16)
realnetworks/realplayer 11.0
realnetworks/realplayer 11.0.1
realnetworks/realplayer 11.0.2
realnetworks/realplayer 11.0.3
realnetworks/realplayer 11.0.4
realnetworks/realplayer 11.0.5
realnetworks/realplayer 11.1
realnetworks/realplayer_sp 1.0.0
realnetworks/realplayer_sp 1.0.1
realnetworks/realplayer_sp 1.0.2
... and 6 more
Published Oct 19, 2010
Tracked Since Feb 18, 2026