VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 14, 2010· Updated Apr 29, 2026

CVE-2010-4388

CVE-2010-4388

Description

The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

20
  • RealNetworks/Realplayer20 versions
    cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*+ 19 more
    • cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:2.1.3:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*
    • (no CPE)range: 11.0 through 11.1, SP 1.0 through 1.1.5, Enterprise 2.1.2 and 2.1.3

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.