Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.1
CVE Id: CVE-2004-1798
Last Modified: 05 Sep 2008 04:42:23
Published: 31 Dec 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2004-1798

Summary

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.

Vulnerable Systems

Application

  • Realnetworks Realone Desktop Manager

  • Realnetworks Realone Enterprise Desktop 6.0.11.774

  • Realnetworks Realone Player 1.0

  • Realnetworks Realone Player 2.0

  • Realnetworks Realone Player 6.0.10.505

  • Realnetworks Realone Player 6.0.11.818

  • Realnetworks Realone Player 6.0.11.830

  • Realnetworks Realone Player 6.0.11.841

  • Realnetworks Realone Player 6.0.11.853

  • Realnetworks Realone Player 6.0.11.868

  • Realnetworks Realplayer 8.0


References

BID - 9378

OSVDB - 3826

SECUNIA - 9584

XF - realoneplayer-smil-xss(14168)

BUGTRAQ - 20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player

SECTRACK - 1008647


Last Updated: 27 May 2016 10:39:11