PT-2022-21194 · Microsoft+1 · Internet Explorer+1
Published
2022-06-03
·
Updated
2023-08-08
·
CVE-2022-32269
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Real Player version 20.0.8.310
Description
The G2 Control in Real Player allows injection of unsafe javascript: URIs in local HTTP error pages, which are displayed by the Internet Explorer core. This leads to arbitrary code execution.
Recommendations
For Real Player version 20.0.8.310, consider disabling the G2 Control as a temporary workaround to prevent arbitrary code execution until a patch is available.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Internet Explorer
Realplayer