CVE-2010-4388
CVE-2010-4388
The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://osvdb.org/69857http://osvdb.org/69858http://osvdb.org/69859http://service.real.com/realplayer/security/12102010_player/en/http://www.securitytracker.com/id?1024861http://www.zerodayinitiative.com/advisories/ZDI-10-276http://www.zerodayinitiative.com/advisories/ZDI-10-277http://www.zerodayinitiative.com/advisories/ZDI-10-278