DCP:// URI Remote Arbitrary Code Execution Vulnerability in Real Player 20.0.8.310
CVE-2022-32271 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files.
Learn more about our Internal Network Penetration Testing.