Vulnerability Key Information

Vulnerability Overview
CVE ID: CVE-2011-0694
CVE Base Score: 9.3/10
Risk: Medium
Disclosure Date: 2011.02.22
Vulnerability Name: RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability

Affected Systems
Local Exploit: No
Remote Exploit: Yes
Affected Vendor: RealNetworks
Affected Product: RealNetworks RealPlayer

Vulnerability Details
Description: This vulnerability allows remote attackers to execute arbitrary code on vulnerable RealNetworks RealPlayer installations. To exploit this vulnerability, the user must access a malicious webpage or open a malicious file. The vulnerability exists in the temporary file naming scheme used to store references to Real Media files. Predictable temporary filenames can be exploited via the OpenURLinPlayerBrowser function (available class ID: FDC7A535-4070-4B92-A0EA-D9994BCC0DC5), using brute-force or combination attacks to target vulnerable files.
Scope: Remote
Exploit Complexity: Medium
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Authentication Required: None
Availability Impact: Complete
Confidentiality Impact: Complete

Vulnerability Disclosure Timeline
2010-11-15: Vulnerability reported to vendor
2011-02-08: Coordinated public advisory released

Discoverer
Discovered by: Eduardo

References
ZeroDay Initiative
SecurityTracker
SecurityFocus