Description
RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function.
References (8)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/70849
Vendor Advisory x_refsource_confirm
http://service.real.com/realplayer/security/02082011_player/en/
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8098
Vendor Advisory x_refsource_confirm
http://docs.real.com/docs/security/SecurityUpdate020811RPE.pdf
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-076
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43268
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025058
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516318/100/0/threaded
Scores
EPSS
0.0499
EPSS Percentile
89.8%
Details
Status
published
Products (19)
realnetworks/realplayer
11.0
realnetworks/realplayer
11.1
realnetworks/realplayer
14.0.0
realnetworks/realplayer
14.0.1
realnetworks/realplayer
2.0
realnetworks/realplayer
2.1
realnetworks/realplayer
2.1.2
realnetworks/realplayer
2.1.3
realnetworks/realplayer
2.1.4
realnetworks/realplayer_sp
1.0.0
... and 9 more
Published
Feb 21, 2011
Tracked Since
Feb 18, 2026