CVE-2003-0726
RealOne Player - Remote Code Execution via SMIL Scripting Protocol URL
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2003-0726. PoCs published by KrazySnake.
AI-analyzed exploit summary This SMIL file exploits a vulnerability in RealOne Player to execute arbitrary JavaScript in the context of a specified domain, allowing cookie theft. The PoC demonstrates reading cookies from https://order.real.com/pt/order.html after 9 seconds of audio playback.
Description
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
Exploits (1)
This SMIL file exploits a vulnerability in RealOne Player to execute arbitrary JavaScript in the context of a specified domain, allowing cookie theft. The PoC demonstrates reading cookies from https://order.real.com/pt/order.html after 9 seconds of audio playback.