N/A

In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).

N/A

N/A

RealNetworks Real Player 路径遍历漏洞

RealNetworks Real Player是美国RealNetworks公司的一个跨平台的播放器，可欣赏各种在线音频和视频资料。 Real Player 20.0.7.309版本和20.0.8.310版本存在安全漏洞，该漏洞源于external::Import()允许下载任意文件类型和目录遍历，攻击者利用该漏洞可导致远程代码执行。

N/A

N/A