Lucene search
Sean de ReggeZDI-10-211HistoryOct 15, 2010 - 12:00 a.m.
RealNetworks Realplayer RecordClip Parameter Injection Remote Code Execution Vulnerability
2010-10-1500:00:00
Sean de Regge
www.zerodayinitiative.com
14
EPSS
0.455
Percentile
97.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the browser plugins provided by RealNetworks. The RecordClip method can be access via the ActiveX control or the Firefox plugin. By injecting a specific character into the arguments to this method, invalid parameters can be passed to a child process that is launched on the local system. This parameter injection allows an attacker to download and subsequently execute a file on a target system, thus allowing for remote code execution.
Related
checkpoint_advisories
checkpoint_advisories
cvelist
cvelist
CVE-2010-3749
2010-10-18 22:00:00
cve
cve
CVE-2010-3749
2010-10-19 00:00:01
exploitdb
exploitdb
prion
prion
Design/Logic Flaw
2010-10-19 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_RECORDCLIP
2010-10-19 00:00:00
nvd
nvd
CVE-2010-3749
2010-10-19 00:00:01
nessus
nessus
Real Networks RealPlayer SP < 1.1.5 Multiple Vulnerabilities
2010-08-27 00:00:00
RealPlayer for Windows < Build 12.0.0.879 Multiple Vulnerabilities
2010-08-27 00:00:00
openvas
openvas
RealNetworks RealPlayer Multiple Vulnerabilities (Windows) - Dec10
2010-12-29 00:00:00
RealNetworks RealPlayer Multiple Vulnerabilities (Dec 2010) - Windows
2010-12-29 00:00:00