Martin Bartek

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions 11.0 through 11.1 RealPlayer versions 14.0.0 through 14.0.5 RealPlayer SP versions 1.0 through 1.1.5 **Description** The issue allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document. This is a result of a cross-zone scripting vulnerability in the RealPlayer ActiveX control. **Recommendations** For RealPlayer versions 11.0 through 11.1, update to a version outside of this range to resolve the issue. For RealPlayer versions 14.0.0 through 14.0.5, update to a version outside of this range to resolve the issue. For RealPlayer SP versions 1.0 through 1.1.5, update to a version outside of this range to resolve the issue.