DCP:// URI Remote Arbitrary Code Execution Vulnerability in Real Player 20.0.8.310

DCP:// URI Remote Arbitrary Code Execution Vulnerability in Real Player 20.0.8.310

CVE-2022-32271 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files.

Learn more about our Internal Network Penetration Testing.