CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |

EPSS

Metric | Value |
---|---|
Percentile | 89.9% |

iDefense Reports:

Remote exploitation of a heap-based buffer overflow in
RealNetwork Inc’s RealPlayer could allow the execution of
arbitrary code in the context of the currently logged in
user.

In order to exploit this vulnerability, an attacker would
need to entice a user to follow a link to a malicious server.
Once the user visits a website under the control of an
attacker, it is possible in a default install of RealPlayer
to force a web-browser to use RealPlayer to connect to an
arbitrary server, even when it is not the default application
for handling those types, by the use of embedded object tags
in a webpage. This may allow automated exploitation when the
page is viewed.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | linux-realplayer | = 10.0.1 | UNKNOWN |
FreeBSD | any | noarch | linux-realplayer | < 10.0.6 | UNKNOWN |