Vulnerability Details CVE-2022-32271
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 85.8%
CVSS Severity
CVSS v3 Score 9.6
CVSS v2 Score 6.8
References
Products affected by CVE-2022-32271
-
cpe:2.3:a:realnetworks:realplayer:20.0.8.310