Vulnerability Name: CVE-2022-32270 (CCN-227784)
Assigned: 2022-06-01
Published: 2022-06-01
Updated: 2022-06-12
Summary: In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
8.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-22
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2022-32270
Source: XF Type: UNKNOWN realplayer-import-dir-traversal(227784)
Source: CCN Type: GitHub Web site Real Player 'external::Import()' Arbitrary file download, Directory Traversal Vulnerabilities leads to Remote Code Execution
Source: MISC Type: Exploit, Third Party Advisory https://github.com/Edubr2020/RP_Import_RCE
Source: CCN Type: Packet Storm Security [06-01-2022] Real Player 16.00.282 / 16.0.3.51 / Cloud 17.0.9.17 / 20.0.7.309 Remote Code Execution
Source: CCN Type: RealNetworks Web site RealPlayer and RealPlayer Cloud
Source: MISC Type: Exploit, Third Party Advisory https://youtu.be/CONlijEgDLc
Vulnerable Configuration: Configuration 1: Configuration CCN 1: