Published: 20/10/2003 Updated: 14/02/2024

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 515

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

RealOne player allows remote malicious users to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.

Vulnerable Product	Search on Vulmon	Subscribe to Product
realnetworks realone desktop manager
realnetworks realone player 6.0.11.841
realnetworks realone player 2.0
realnetworks realone enterprise desktop 6.0.11.774
realnetworks realone player 6.0.11.830
realnetworks realone player 6.0.10.505
realnetworks realone player 6.0.11.818
realnetworks realone player 6.0.11.853

source: wwwsecurityfocuscom/bid/8453/info Real Networks has reported a vulnerability in RealOne Player Script embedded in SMIL presentations may be executed in the context of a domain that is specified by an attacker This could allow for theft of cookie-based authentication credentials or other attacks This vulnerability could also be ...

NVD-CWE-Other http://www.securityfocus.com/archive/1/335293 http://www.securityfocus.com/bid/8453 http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html http://www.service.real.com/help/faq/security/securityupdate_august2003.html http://securitytracker.com/id?1007532 https://exchange.xforce.ibmcloud.com/vulnerabilities/13028 https://nvd.nist.gov https://www.exploit-db.com/exploits/23043/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-0726

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect