Описание
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
Ссылки
- PatchVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- Broken LinkPatch
- ExploitThird Party AdvisoryVDB Entry
- ExploitPatchThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- Broken LinkPatch
- ExploitThird Party AdvisoryVDB Entry
- ExploitPatchThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.10.505:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02149
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
EPSS
Процентиль: 84%
0.02149
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-Other