CVE-2022-32271

Name of the Vulnerable Software and Affected Versions Real Player version 20.0.8.310

Description The issue concerns an internal URL protocol used by Real Player to reference files containing URLs, allowing for the injection of script code into arbitrary domains and the referencing of arbitrary local files. This is related to the DCP:// URI protocol.

Recommendations For Real Player version 20.0.8.310, consider disabling the use of the DCP:// URI protocol until a patch is available to prevent the injection of script code and the referencing of arbitrary local files. Restrict access to the internal URL protocol to minimize the risk of exploitation. Avoid using the DCP:// URI protocol in Real Player until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.