![]() ![]() Real Player versions 16.00.282, 16.0.3.51, Cloud 17.0.9.17, and 20.0.7.309 suffer from external::Import() arbitrary file download and directory traversal vulnerabilities that lead to remote code execution. ![]() tags | exploit, remote, code execution SHA-256 | 8a359aeb74dfcb0d2cdf2b2a15aeb57867b10d99cfa4221cac03bafb5f4b59b9 Download | Favorite | View Real Player 16.00.282 / 16.0.3.51 / Cloud 17.0.9.17 / 20.0.7.309 Remote Code Execution Posted Authored by Eduardo Braun Prado | Site Real Player versions 16.0.3.51, Cloud 17.0.9.17, and 20.0.7.309 suffer from a DCP:// URI remote code execution vulnerability. tags | exploit, remote systems | windows SHA-256 | cdec3264c1dfb6072227ec32f752253561a495967fe39b8f043c7c2b09f4d8af Download | Favorite | View Real Player 16.0.3.51 / Cloud 17.0.9.17 / 20.0.7.309 DCP URI Remote Code Execution Posted Authored by Eduardo Braun Prado | Site Update - It has been noted that as of April 17, 2023, version 22.0.2.306 is also affected by this issue. To exploit the issue attackers would have to convince the target to open a media file from a WebDAV or SMB share. The Player application and the Recording Manager of Real Player versions 20.1.0.312 and 20.0.3.317 are prone to a remote DLL hijack (binary planting) issue because of an unsafe search for non-existent DLLs. Real Player 20.1.0.312 / 20.0.3.317 DLL Hijacking Posted Authored by Eduardo Braun Prado | Site "The more I research security vulnerabilities the more I want to research"
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |