ID: CVE-2022-32269

Last Modified: June 3, 2022

In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution.

                    <?xml version="1.0" ?>
<set operator="and"/>

                  
                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="program_influence" value="input"/>
</set>