Vulnerabilities > CVE-2003-0726 - Unspecified vulnerability in Realnetworks products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN realnetworks
exploit available
Summary
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
Vulnerable Configurations
Exploit-Db
| description | RealOne Player 1.0/2.0/6.0.10/6.0.11 SMIL File Script Execution Vulnerability. CVE-2003-0726. Remote exploit for windows platform |
| id | EDB-ID:23043 |
| last seen | 2016-02-02 |
| modified | 2003-08-19 |
| published | 2003-08-19 |
| reporter | KrazySnake |
| source | https://www.exploit-db.com/download/23043/ |
| title | RealOne Player 1.0/2.0/6.0.10/6.0.11 SMIL File Script Execution Vulnerability |
References
- http://www.securityfocus.com/archive/1/335293
- http://www.securityfocus.com/bid/8453
- http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html
- http://www.service.real.com/help/faq/security/securityupdate_august2003.html
- http://securitytracker.com/id?1007532
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13028