Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0726

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2003-0726
Last Modified 05 Sep 2008 04:35:05
Published 20 Oct 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2003-0726

Summary

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.

Vulnerable Systems

Application

  • Realnetworks Realone Desktop Manager

  • Realnetworks Realone Enterprise Desktop 6.0.11.774

  • Realnetworks Realone Player 2.0

  • Realnetworks Realone Player 6.0.10.505

  • Realnetworks Realone Player 6.0.11.818

  • Realnetworks Realone Player 6.0.11.830

  • Realnetworks Realone Player 6.0.11.841

  • Realnetworks Realone Player 6.0.11.853


References

BID - 8453

MISC - http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html

XF - realone-smil-execute-code(13028)

CONFIRM - http://www.service.real.com/help/faq/security/securityupdate_august2003.html

BUGTRAQ - 20030827 RealOne Player Allows Cross Zone and Domain Access

SECTRACK - 1007532


Last Updated: 27 May 2016 10:38:01