CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-32270

In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.042

EPSS Ranking 88.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/Edubr2020/RP_Import_RCE
https://youtu.be/CONlijEgDLc
https://github.com/Edubr2020/RP_Import_RCE
https://youtu.be/CONlijEgDLc

Products affected by CVE-2022-32270

Realnetworks » Realplayer » Version: 20.0.7.309

cpe:2.3:a:realnetworks:realplayer:20.0.7.309
Realnetworks » Realplayer » Version: 20.0.8.310

cpe:2.3:a:realnetworks:realplayer:20.0.8.310

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-32270

Products

Pricing

Contact Us