Vulnerability-Lookup

CVE-2010-4388 (GCVE-0-2010-4388)

Vulnerability from cvelistv5 – Published: 2010-12-14 15:00 – Updated: 2024-08-07 03:43

Summary

The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.zerodayinitiative.com/advisories/ZDI-10-276	x_refsource_MISC
	http://www.zerodayinitiative.com/advisories/ZDI-10-278	x_refsource_MISC
	http://osvdb.org/69859	vdb-entryx_refsource_OSVDB
	http://osvdb.org/69858	vdb-entryx_refsource_OSVDB
	http://www.securitytracker.com/id?1024861	vdb-entryx_refsource_SECTRACK
	http://service.real.com/realplayer/security/12102…	x_refsource_CONFIRM
	http://osvdb.org/69857	vdb-entryx_refsource_OSVDB
	http://www.zerodayinitiative.com/advisories/ZDI-10-277	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:43:14.720Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-276"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-278"
          },
          {
            "name": "69859",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/69859"
          },
          {
            "name": "69858",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/69858"
          },
          {
            "name": "1024861",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024861"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://service.real.com/realplayer/security/12102010_player/en/"
          },
          {
            "name": "69857",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/69857"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-277"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-12-21T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-276"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-278"
        },
        {
          "name": "69859",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/69859"
        },
        {
          "name": "69858",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/69858"
        },
        {
          "name": "1024861",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024861"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://service.real.com/realplayer/security/12102010_player/en/"
        },
        {
          "name": "69857",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/69857"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-277"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4388",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-276",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-276"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-278",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-278"
            },
            {
              "name": "69859",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/69859"
            },
            {
              "name": "69858",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/69858"
            },
            {
              "name": "1024861",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024861"
            },
            {
              "name": "http://service.real.com/realplayer/security/12102010_player/en/",
              "refsource": "CONFIRM",
              "url": "http://service.real.com/realplayer/security/12102010_player/en/"
            },
            {
              "name": "69857",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/69857"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-277",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-277"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4388",
    "datePublished": "2010-12-14T15:00:00",
    "dateReserved": "2010-12-02T00:00:00",
    "dateUpdated": "2024-08-07T03:43:14.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11B7CB5F-ACFA-439B-A9B7-54DA402A6029\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2A681B8-62F1-4B23-9E0B-39C61BE72F44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F826B276-91E6-495E-B429-51B1C5ECB146\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A732E6C-108F-447F-98B1-EA774A0537EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D03738C3-D659-488D-B285-64A496C0F1FB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53D7AE43-A3AC-4B38-B0A3-E6F02834224F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59FEDCDF-9FBF-4D08-A50F-FF92763DFC21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54A11B3A-547C-4F2F-A58E-DE06DBBE8115\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7243D80-913D-405C-9988-B8473DB1A5DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4C6D399-FF31-441D-A363-BD53CFE5569A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9818A6FB-2CF5-4236-8EFE-95458D603CC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73CC0582-D889-4907-A32E-218AC2B0591F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B5DD6CF-CCC7-40DD-A6CA-B9BBC339998F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"1E2BC096-43B6-4696-8467-CC3D0163EFF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"3A29D4B9-DD00-43F6-ACEA-B830FDFC1E5C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Los componentes (1) Upsell.htm, (2) Main.html, y (3) Custsupport.html en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, RealPlayer Enterprise v2.1.2 y v2.1.3, permiten a atacantes remotos inyectar c\\u00f3digo en el proceso RealOneActiveXObject y evitar las restricciones Local Machine Zone establecidas y cargar controles ActiveX de su elecci\\u00f3n a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2010-4388",
      "lastModified": "2024-11-21T01:20:50.590",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-12-14T16:00:04.883",
      "references": "[{\"url\": \"http://osvdb.org/69857\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/69858\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/69859\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://service.real.com/realplayer/security/12102010_player/en/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id?1024861\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-10-276\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-10-277\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-10-278\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/69857\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/69858\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/69859\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://service.real.com/realplayer/security/12102010_player/en/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id?1024861\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-10-276\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-10-277\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-10-278\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-4388\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-12-14T16:00:04.883\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Los componentes (1) Upsell.htm, (2) Main.html, y (3) Custsupport.html en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, RealPlayer Enterprise v2.1.2 y v2.1.3, permiten a atacantes remotos inyectar c\u00f3digo en el proceso RealOneActiveXObject y evitar las restricciones Local Machine Zone establecidas y cargar controles ActiveX de su elecci\u00f3n a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11B7CB5F-ACFA-439B-A9B7-54DA402A6029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A681B8-62F1-4B23-9E0B-39C61BE72F44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F826B276-91E6-495E-B429-51B1C5ECB146\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A732E6C-108F-447F-98B1-EA774A0537EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D03738C3-D659-488D-B285-64A496C0F1FB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53D7AE43-A3AC-4B38-B0A3-E6F02834224F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59FEDCDF-9FBF-4D08-A50F-FF92763DFC21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54A11B3A-547C-4F2F-A58E-DE06DBBE8115\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7243D80-913D-405C-9988-B8473DB1A5DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4C6D399-FF31-441D-A363-BD53CFE5569A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9818A6FB-2CF5-4236-8EFE-95458D603CC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73CC0582-D889-4907-A32E-218AC2B0591F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B5DD6CF-CCC7-40DD-A6CA-B9BBC339998F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"1E2BC096-43B6-4696-8467-CC3D0163EFF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"3A29D4B9-DD00-43F6-ACEA-B830FDFC1E5C\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/69857\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/69858\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/69859\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://service.real.com/realplayer/security/12102010_player/en/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1024861\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-10-276\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-10-277\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-10-278\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/69857\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/69858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/69859\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://service.real.com/realplayer/security/12102010_player/en/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1024861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-10-276\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-10-277\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-10-278\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2010-4388

Vulnerability from fkie_nvd - Published: 2010-12-14 16:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/69857
cve@mitre.org	http://osvdb.org/69858
cve@mitre.org	http://osvdb.org/69859
cve@mitre.org	http://service.real.com/realplayer/security/12102010_player/en/	Vendor Advisory
cve@mitre.org	http://www.securitytracker.com/id?1024861
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-10-276
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-10-277
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-10-278
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/69857
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/69858
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/69859
af854a3a-2127-422b-91ae-364da2661108	http://service.real.com/realplayer/security/12102010_player/en/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024861
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-10-276
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-10-277
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-10-278

Impacted products

Vendor	Product	Version
realnetworks	realplayer	11.0
realnetworks	realplayer	11.0.1
realnetworks	realplayer	11.0.2
realnetworks	realplayer	11.0.3
realnetworks	realplayer	11.0.4
realnetworks	realplayer	11.0.5
realnetworks	realplayer	11.1
realnetworks	realplayer_sp	1.0.0
realnetworks	realplayer_sp	1.0.1
realnetworks	realplayer_sp	1.0.2
realnetworks	realplayer_sp	1.0.5
realnetworks	realplayer_sp	1.1
realnetworks	realplayer_sp	1.1.1
realnetworks	realplayer_sp	1.1.2
realnetworks	realplayer_sp	1.1.3
realnetworks	realplayer_sp	1.1.4
realnetworks	realplayer_sp	1.1.5
realnetworks	realplayer	2.1.2
realnetworks	realplayer	2.1.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D03738C3-D659-488D-B285-64A496C0F1FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53D7AE43-A3AC-4B38-B0A3-E6F02834224F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FEDCDF-9FBF-4D08-A50F-FF92763DFC21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54A11B3A-547C-4F2F-A58E-DE06DBBE8115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7243D80-913D-405C-9988-B8473DB1A5DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C6D399-FF31-441D-A363-BD53CFE5569A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9818A6FB-2CF5-4236-8EFE-95458D603CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CC0582-D889-4907-A32E-218AC2B0591F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B5DD6CF-CCC7-40DD-A6CA-B9BBC339998F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "1E2BC096-43B6-4696-8467-CC3D0163EFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3A29D4B9-DD00-43F6-ACEA-B830FDFC1E5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Los componentes (1) Upsell.htm, (2) Main.html, y (3) Custsupport.html en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, RealPlayer Enterprise v2.1.2 y v2.1.3, permiten a atacantes remotos inyectar c\u00f3digo en el proceso RealOneActiveXObject y evitar las restricciones Local Machine Zone establecidas y cargar controles ActiveX de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2010-4388",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-12-14T16:00:04.883",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/69857"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/69858"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/69859"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/realplayer/security/12102010_player/en/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1024861"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-276"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-277"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/69857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/69858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/69859"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/realplayer/security/12102010_player/en/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-278"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2010-4388

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-4388

Aliases

CVE-2010-4388

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-4388",
    "description": "The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.",
    "id": "GSD-2010-4388"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-4388"
      ],
      "details": "The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.",
      "id": "GSD-2010-4388",
      "modified": "2023-12-13T01:21:30.703093Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-4388",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-276",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-276"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-278",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-278"
          },
          {
            "name": "69859",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/69859"
          },
          {
            "name": "69858",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/69858"
          },
          {
            "name": "1024861",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024861"
          },
          {
            "name": "http://service.real.com/realplayer/security/12102010_player/en/",
            "refsource": "CONFIRM",
            "url": "http://service.real.com/realplayer/security/12102010_player/en/"
          },
          {
            "name": "69857",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/69857"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-277",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-277"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4388"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://service.real.com/realplayer/security/12102010_player/en/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://service.real.com/realplayer/security/12102010_player/en/"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-278",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-278"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-277",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-277"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-276",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-276"
            },
            {
              "name": "69857",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/69857"
            },
            {
              "name": "69858",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/69858"
            },
            {
              "name": "69859",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/69859"
            },
            {
              "name": "1024861",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024861"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2011-01-19T07:02Z",
      "publishedDate": "2010-12-14T16:00Z"
    }
  }
}

CERTA-2010-AVI-586

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans RealPlayer permettent à une personne malveillante distante d'exécuter du code arbitraire.

Description

De multiples vulnérabilités ont été découvertes dans RealPlayer. Elles peuvent être utilisées par une personne malveillante distante pour exécuter du code arbitraire, notamment par le biais de fichiers AAC spécialement conçus. Ces vulnérabilités n'affectent pas les dernières versions de RealPlayer.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac RealPlayer 12.0.0.1444 et antérieures ;
N/A	N/A	Linux RealPlayer 11.0.2.1744 et antérieures.
N/A	N/A	RealPlayer SP 1.1.5 et antérieures ;
N/A	N/A	RealPlayer 11.1 et antérieures ;
N/A	N/A	RealPlayer Enterprise 2.1.3 et antérieures ;

References

Title

Publication Time

Tags

Mise à jour de sécurité RealPlayer du 10 décembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac RealPlayer 12.0.0.1444 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Linux RealPlayer 11.0.2.1744 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer SP 1.1.5 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer 11.1 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer Enterprise 2.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans RealPlayer. Elles\npeuvent \u00eatre utilis\u00e9es par une personne malveillante distante pour\nex\u00e9cuter du code arbitraire, notamment par le biais de fichiers AAC\nsp\u00e9cialement con\u00e7us. Ces vuln\u00e9rabilit\u00e9s n\u0027affectent pas les derni\u00e8res\nversions de RealPlayer.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0125"
    },
    {
      "name": "CVE-2010-2997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2997"
    },
    {
      "name": "CVE-2010-4394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4394"
    },
    {
      "name": "CVE-2010-4380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4380"
    },
    {
      "name": "CVE-2010-4377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4377"
    },
    {
      "name": "CVE-2010-4384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4384"
    },
    {
      "name": "CVE-2010-4389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4389"
    },
    {
      "name": "CVE-2010-4391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4391"
    },
    {
      "name": "CVE-2010-4382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4382"
    },
    {
      "name": "CVE-2010-4379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4379"
    },
    {
      "name": "CVE-2010-4376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4376"
    },
    {
      "name": "CVE-2010-4388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4388"
    },
    {
      "name": "CVE-2010-4397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4397"
    },
    {
      "name": "CVE-2010-2999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2999"
    },
    {
      "name": "CVE-2010-4385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4385"
    },
    {
      "name": "CVE-2010-4392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4392"
    },
    {
      "name": "CVE-2010-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4378"
    },
    {
      "name": "CVE-2010-4383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4383"
    },
    {
      "name": "CVE-2010-4387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4387"
    },
    {
      "name": "CVE-2010-0121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0121"
    },
    {
      "name": "CVE-2010-2579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2579"
    },
    {
      "name": "CVE-2010-4386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4386"
    },
    {
      "name": "CVE-2010-4381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4381"
    },
    {
      "name": "CVE-2010-4390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4390"
    },
    {
      "name": "CVE-2010-4396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4396"
    },
    {
      "name": "CVE-2010-4395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4395"
    },
    {
      "name": "CVE-2010-4375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4375"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-586",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans RealPlayer permettent \u00e0 une personne\nmalveillante distante d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans RealPlayer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 RealPlayer du 10 d\u00e9cembre 2010",
      "url": "http://service.real.com/realplayer/security/12102010_player/en/"
    }
  ]
}

CERTA-2010-AVI-586

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans RealPlayer permettent à une personne malveillante distante d'exécuter du code arbitraire.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac RealPlayer 12.0.0.1444 et antérieures ;
N/A	N/A	Linux RealPlayer 11.0.2.1744 et antérieures.
N/A	N/A	RealPlayer SP 1.1.5 et antérieures ;
N/A	N/A	RealPlayer 11.1 et antérieures ;
N/A	N/A	RealPlayer Enterprise 2.1.3 et antérieures ;

References

Title

Publication Time

Tags

Mise à jour de sécurité RealPlayer du 10 décembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac RealPlayer 12.0.0.1444 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Linux RealPlayer 11.0.2.1744 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer SP 1.1.5 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer 11.1 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer Enterprise 2.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans RealPlayer. Elles\npeuvent \u00eatre utilis\u00e9es par une personne malveillante distante pour\nex\u00e9cuter du code arbitraire, notamment par le biais de fichiers AAC\nsp\u00e9cialement con\u00e7us. Ces vuln\u00e9rabilit\u00e9s n\u0027affectent pas les derni\u00e8res\nversions de RealPlayer.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0125"
    },
    {
      "name": "CVE-2010-2997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2997"
    },
    {
      "name": "CVE-2010-4394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4394"
    },
    {
      "name": "CVE-2010-4380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4380"
    },
    {
      "name": "CVE-2010-4377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4377"
    },
    {
      "name": "CVE-2010-4384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4384"
    },
    {
      "name": "CVE-2010-4389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4389"
    },
    {
      "name": "CVE-2010-4391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4391"
    },
    {
      "name": "CVE-2010-4382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4382"
    },
    {
      "name": "CVE-2010-4379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4379"
    },
    {
      "name": "CVE-2010-4376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4376"
    },
    {
      "name": "CVE-2010-4388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4388"
    },
    {
      "name": "CVE-2010-4397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4397"
    },
    {
      "name": "CVE-2010-2999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2999"
    },
    {
      "name": "CVE-2010-4385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4385"
    },
    {
      "name": "CVE-2010-4392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4392"
    },
    {
      "name": "CVE-2010-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4378"
    },
    {
      "name": "CVE-2010-4383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4383"
    },
    {
      "name": "CVE-2010-4387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4387"
    },
    {
      "name": "CVE-2010-0121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0121"
    },
    {
      "name": "CVE-2010-2579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2579"
    },
    {
      "name": "CVE-2010-4386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4386"
    },
    {
      "name": "CVE-2010-4381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4381"
    },
    {
      "name": "CVE-2010-4390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4390"
    },
    {
      "name": "CVE-2010-4396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4396"
    },
    {
      "name": "CVE-2010-4395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4395"
    },
    {
      "name": "CVE-2010-4375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4375"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-586",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans RealPlayer permettent \u00e0 une personne\nmalveillante distante d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans RealPlayer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 RealPlayer du 10 d\u00e9cembre 2010",
      "url": "http://service.real.com/realplayer/security/12102010_player/en/"
    }
  ]
}

GHSA-QW2F-744W-3W38

Vulnerability from github – Published: 2022-05-17 05:44 – Updated: 2025-04-11 03:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-4388"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-12-14T16:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.",
  "id": "GHSA-qw2f-744w-3w38",
  "modified": "2025-04-11T03:41:52Z",
  "published": "2022-05-17T05:44:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4388"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/69857"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/69858"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/69859"
    },
    {
      "type": "WEB",
      "url": "http://service.real.com/realplayer/security/12102010_player/en"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024861"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-276"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-277"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-278"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-4388 (GCVE-0-2010-4388)

FKIE_CVE-2010-4388

GSD-2010-4388

CERTA-2010-AVI-586

Description

Solution

CERTA-2010-AVI-586

Description

Solution

GHSA-QW2F-744W-3W38

Tags

Sightings

Nomenclature