ID: CVE-2022-32271

Last Modified: June 3, 2022

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files.

                    <?xml version="1.0" ?>
<set operator="and"/>

                  
                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="program_influence" value="input"/>
</set>