Vulnerabilities > CVE-2011-1426 - Remote Code Execution vulnerability in Real Networks RealPlayer 'OpenURLInDefaultBrowser()' Function
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file.
Vulnerable Configurations
Nessus
| NASL family | Windows |
| NASL id | REALPLAYER_12_0_1_647.NASL |
| description | According to its build number, the installed version of RealPlayer on the remote Windows host is affected by multiple vulnerabilities : - The OpenURLInDefaultBrowser() method will open and execute the first parameter based on the operating system |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 53409 |
| published | 2011-04-14 |
| reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/53409 |
| title | RealPlayer for Windows < Build 12.0.1.647 Multiple Vulnerabilities |
References
- http://securitytracker.com/id?1025351
- http://service.real.com/realplayer/security/04122011_player/en/
- http://www.securityfocus.com/archive/1/517470/100/0/threaded
- http://www.securityfocus.com/bid/47335
- http://www.vupen.com/english/advisories/2011/0979
- http://zerodayinitiative.com/advisories/ZDI-11-122/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66728