CVE-2010-3749

RealPlayer 11.0-11.1 and RealPlayer SP 1.0-1.1 - Remote Code Execution via RecordClip Method Parameter Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3749. PoCs published by Sean de Regge.

AI-analyzed exploit summary: This exploit leverages a parameter injection vulnerability in RealPlayer's RecordClip() ActiveX function to download and execute a malicious batch file disguised as an MP3. It uses a chimera file (valid MP3 with embedded batch commands) and RealPlayer's /f and /t switches to bypass checks and save the file to an arbitrary location.

Description

The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection."

Exploits (1)

exploitdb WORKING POC
by Sean de Regge · html · remote · windows
https://www.exploit-db.com/exploits/15991

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: RealPlayer (versions with RecordingManager.exe vulnerable to CVE-2010-3749)
No auth needed
Prerequisites: Victim must have vulnerable RealPlayer installed · Victim must visit a malicious webpage or open a malicious HTML file · Attacker must host a chimera file (MP3 with embedded batch commands) on a controlled server
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
http://www.securityfocus.com/bid/44144 - Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid)
http://www.exploit-db.com/exploits/15991 - Exploit, Third Party Advisory (exploit, x_refsource_exploit-db)
http://www.zerodayinitiative.com/advisories/ZDI-10-211/ - Third Party Advisory (x_refsource_misc)
http://www.securityfocus.com/bid/44443 - Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid)

Scores

EPSS 0.2609
EPSS Percentile 97.7%

Details

CWE: CWE-94
Status: published
Products (16)
realnetworks/realplayer 11.0
realnetworks/realplayer 11.0.1
realnetworks/realplayer 11.0.2
realnetworks/realplayer 11.0.3
realnetworks/realplayer 11.0.4
realnetworks/realplayer 11.0.5
realnetworks/realplayer 11.1
realnetworks/realplayer_sp 1.0.0
realnetworks/realplayer_sp 1.0.1
realnetworks/realplayer_sp 1.0.2
... and 6 more
Published Oct 19, 2010
Tracked Since Feb 18, 2026