SecuritySpace - CVE-2010-4396

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2010-4396

Description: Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2010-4396
http://www.zerodayinitiative.com/advisories/ZDI-10-275
http://osvdb.org/69855
http://www.securitytracker.com/id?1024861

CVE ID:	CVE-2010-4396
Description:	Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4396 http://www.zerodayinitiative.com/advisories/ZDI-10-275 http://osvdb.org/69855 http://www.securitytracker.com/id?1024861