Vulnerability Description
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realnetworks | Realone Enterprise Desktop | 6.0.11.774 |
| Realnetworks | Realone Player | 1.0 |
| Realnetworks | Realplayer | 8.0 |
References
- http://secunia.com/advisories/9584PatchVendor Advisory
- http://securitytracker.com/id?1008647ExploitThird Party AdvisoryVDB Entry
- http://www.osvdb.org/3826Broken LinkPatch
- http://www.securityfocus.com/archive/1/349086ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/9378ExploitPatchThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14168Third Party AdvisoryVDB Entry
- http://secunia.com/advisories/9584PatchVendor Advisory
- http://securitytracker.com/id?1008647ExploitThird Party AdvisoryVDB Entry
- http://www.osvdb.org/3826Broken LinkPatch
- http://www.securityfocus.com/archive/1/349086ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/9378ExploitPatchThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14168Third Party AdvisoryVDB Entry
FAQ
What is CVE-2004-1798?
CVE-2004-1798 is a vulnerability with a CVSS score of 5.1 (MEDIUM). RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:"...
How severe is CVE-2004-1798?
CVE-2004-1798 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1798?
Check the references section above for vendor advisories and patch information. Affected products include: Realnetworks Realone Enterprise Desktop, Realnetworks Realone Player, Realnetworks Realplayer.