CVE-2003-0726

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.

Published: Oct 20, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0726
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
realnetworks / realone_desktop_manager	-	-
realnetworks / realone_player	6.0.11.841	6.0.11.841.x
realnetworks / realone_player	2.0	2.0.x
realnetworks / realone_enterprise_desktop	6.0.11.774	6.0.11.774.x
realnetworks / realone_player	6.0.11.830	6.0.11.830.x
realnetworks / realone_player	6.0.10.505-gold	6.0.10.505-gold.x
realnetworks / realone_player	6.0.11.818	6.0.11.818.x
realnetworks / realone_player	6.0.11.853	6.0.11.853.x

http://securitytracker.com/id?1007532
http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html
http://www.securityfocus.com/archive/1/335293
http://www.securityfocus.com/bid/8453
http://www.service.real.com/help/faq/security/securityupdate_august2003.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13028

Vulnerability Database

289,871

CVE-2003-0726