{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a \" (double quote) in an argument to the RecordClip method, aka \"parameter injection.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-01-21T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "44144", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44144"}, {"name": "15991", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/15991"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-211/"}, {"name": "44443", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44443"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://service.real.com/realplayer/security/10152010_player/en/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3749", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a \" (double quote) in an argument to the RecordClip method, aka \"parameter injection.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "44144", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44144"}, {"name": "15991", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/15991"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-211/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-211/"}, {"name": "44443", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44443"}, {"name": "http://service.real.com/realplayer/security/10152010_player/en/", "refsource": "CONFIRM", "url": "http://service.real.com/realplayer/security/10152010_player/en/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:18:53.214Z"}, "title": "CVE Program Container", "references": [{"name": "44144", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/44144"}, {"name": "15991", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/15991"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-211/"}, {"name": "44443", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/44443"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://service.real.com/realplayer/security/10152010_player/en/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3749", "datePublished": "2010-10-18T22:00:00", "dateReserved": "2010-10-05T00:00:00", "dateUpdated": "2024-08-07T03:18:53.214Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "D03738C3-D659-488D-B285-64A496C0F1FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "53D7AE43-A3AC-4B38-B0A3-E6F02834224F", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "59FEDCDF-9FBF-4D08-A50F-FF92763DFC21", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "54A11B3A-547C-4F2F-A58E-DE06DBBE8115", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7243D80-913D-405C-9988-B8473DB1A5DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D4C6D399-FF31-441D-A363-BD53CFE5569A", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9818A6FB-2CF5-4236-8EFE-95458D603CC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "73CC0582-D889-4907-A32E-218AC2B0591F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a \" (double quote) in an argument to the RecordClip method, aka \"parameter injection.\""}, {"lang": "es", "value": "La implementaci\u00f3n del complemento del navegador de RealNetworks RealPlayer v11.0 hasta la v11.1 y RealPlayer SP 1.0 hasta la v1.1 no maneja apropiadamente un caracter sin especificar dentro de los argumentos del m\u00e9todo RecordClip; lo que permite a atacantes remotos descargar programas de su elecci\u00f3n en el ordenador cliente, y ejecutar estos programas, a trav\u00e9s de una llamada a m\u00e9todo modificada. Relacionado con un problema de inyecci\u00f3n de par\u00e1metros."}], "id": "CVE-2010-3749", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-10-19T00:00:01.533", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://service.real.com/realplayer/security/10152010_player/en/"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/15991"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/44144"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/44443"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-211/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://service.real.com/realplayer/security/10152010_player/en/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/15991"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/44144"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/44443"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-211/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}