CVE-2022-32269

In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution.
References
Link Resource
https://www.youtube.com/watch?v=9c9Q4VZQOUk Exploit Third Party Advisory
https://github.com/Edubr2020/RealPlayer_G2_RCE Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:realnetworks:realplayer:20.0.8.310:*:*:*:*:*:*:*

Information

Published : 2022-06-03 06:15

Updated : 2022-06-12 03:11


NVD link : CVE-2022-32269

Mitre link : CVE-2022-32269

Products Affected
No products.
CWE