CVE-2004-1798

Description

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.

Affected products

• RealNetworks / realone_enterprise_desktop6.0.11.774 – 6.0.11.774
• RealNetworks / realone_player1.0 – 1.0
• RealNetworks / realone_player2.0 – 2.0
• RealNetworks / realone_player6.0.10.505 – 6.0.10.505
• RealNetworks / realone_player6.0.11.818 – 6.0.11.818
• RealNetworks / realone_player6.0.11.830 – 6.0.11.830
• RealNetworks / realone_player6.0.11.841 – 6.0.11.841
• RealNetworks / realone_player6.0.11.853 – 6.0.11.853
• RealNetworks / realone_player6.0.11.868 – 6.0.11.868
• RealNetworks / realplayer8.0 – 8.0

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/9584
• MISChttp://securitytracker.com/id?1008647
• MISChttp://www.securityfocus.com/bid/9378
• MISChttp://www.osvdb.org/3826
• MISChttp://www.securityfocus.com/archive/1/349086
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/14168