The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection."
                
            References
                    Configurations
                    Configuration 1 (hide)
| 
 | 
Configuration 2 (hide)
| 
 | 
History
                    No history.
Information
                Published : 2010-10-19 00:00
Updated : 2025-04-11 00:51
NVD link : CVE-2010-3749
Mitre link : CVE-2010-3749
CVE.ORG link : CVE-2010-3749
JSON object : View
Products Affected
                realnetworks
- realplayer
- realplayer_sp
CWE
                
                    
                        
                        CWE-94
                        
            Improper Control of Generation of Code ('Code Injection')
