RealOne player allows remote malicious users to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
realnetworks realone desktop manager |
||
realnetworks realone player 6.0.11.841 |
||
realnetworks realone player 2.0 |
||
realnetworks realone enterprise desktop 6.0.11.774 |
||
realnetworks realone player 6.0.11.830 |
||
realnetworks realone player 6.0.10.505 |
||
realnetworks realone player 6.0.11.818 |
||
realnetworks realone player 6.0.11.853 |