CVE-2010-4388 Information

Description

The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.

Reference

http://osvdb.org/69857
http://osvdb.org/69858
http://osvdb.org/69859
http://service.real.com/realplayer/security/12102010_player/en/
http://www.securitytracker.com/id?1024861
http://www.zerodayinitiative.com/advisories/ZDI-10-276
http://www.zerodayinitiative.com/advisories/ZDI-10-277
http://www.zerodayinitiative.com/advisories/ZDI-10-278
