RealNetworks RealPlayer Drag And Drop Zone Bypass Vulnerability

RealNetworks RealPlayer is reported susceptible to a security zone bypass vulnerability. This issue is due to a failure of the application to properly enforce security zones, potentially allowing remote attackers to execute HTML or script code in the Local Zone of affected client computers.

The embedded Internet Explorer engine in RealPlayer reportedly loads attacker-supplied files in the Local Zone, allowing attackers to execute malicious HTML and script code with potentially elevated privileges. This issue may be a variant, or be related to BIDs 10973, or 11466.

It is unclear at this time if a further vulnerability has been discovered by this disclosure. This BID will be updated as further analysis is completed.


Privacy Statement
Copyright 2010, SecurityFocus