Arbitrary Script Execution in RealOne Player 6.0.11.868 via SMIL Presentation

Arbitrary Script Execution in RealOne Player 6.0.11.868 via SMIL Presentation

CVE-2004-1798 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.

Learn more about our Web Application Penetration Testing UK.