Description
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by KrazySnake · text · remote · windows
https://www.exploit-db.com/exploits/23043
References (6)
Core References
http://www.securityfocus.com/bid/8453 (Exploit, Patch, Vendor Advisory; vdb-entry; x_refsource_bid)
http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html (Exploit, Patch, Vendor Advisory, URL Repurposed; x_refsource_misc)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13028 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf)
http://www.securityfocus.com/archive/1/335293 (Exploit, Vendor Advisory; mailing-list; x_refsource_bugtraq)
http://www.service.real.com/help/faq/security/securityupdate_august2003.html (Various Sources; x_refsource_confirm)
http://securitytracker.com/id?1007532 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
Scores
EPSS: 0.0958
EPSS Percentile: 92.9%
Details
Status: published
Products (8)
realnetworks/realone_desktop_manager
realnetworks/realone_enterprise_desktop 6.0.11.774
realnetworks/realone_player 2.0
realnetworks/realone_player 6.0.10.505 gold
realnetworks/realone_player 6.0.11.818
realnetworks/realone_player 6.0.11.830
realnetworks/realone_player 6.0.11.841
realnetworks/realone_player 6.0.11.853
Published: Oct 20, 2003
Tracked Since: Feb 18, 2026