CVE-2010-4396
Published Dec 14, 2010
Last updated 14 years ago
Overview
- Description
- Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D03738C3-D659-488D-B285-64A496C0F1FB"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53D7AE43-A3AC-4B38-B0A3-E6F02834224F"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "59FEDCDF-9FBF-4D08-A50F-FF92763DFC21"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54A11B3A-547C-4F2F-A58E-DE06DBBE8115"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7243D80-913D-405C-9988-B8473DB1A5DC"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4C6D399-FF31-441D-A363-BD53CFE5569A"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9818A6FB-2CF5-4236-8EFE-95458D603CC1"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73CC0582-D889-4907-A32E-218AC2B0591F"
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B5DD6CF-CCC7-40DD-A6CA-B9BBC339998F"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E2BC096-43B6-4696-8467-CC3D0163EFF5"
}
],
"operator": "OR"
}
]
}
]