CVE-2004-1798
RealOne Player 6.0.11.868 - Remote Code Execution via SMIL File JavaScript URL
Title source: llmDescription
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
References (6)
Core 6
Core References
Broken Link, Patch vdb-entry
x_refsource_osvdb
http://www.osvdb.org/3826
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/9584
Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1008647
Exploit, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9378
Exploit, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/349086
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/14168
Scores
EPSS
0.0215
EPSS Percentile
84.5%
Details
Status
published
Products (10)
realnetworks/realone_enterprise_desktop
6.0.11.774
realnetworks/realone_player
1.0
realnetworks/realone_player
2.0
realnetworks/realone_player
6.0.10.505
realnetworks/realone_player
6.0.11.818
realnetworks/realone_player
6.0.11.830
realnetworks/realone_player
6.0.11.841
realnetworks/realone_player
6.0.11.853
realnetworks/realone_player
6.0.11.868
realnetworks/realplayer
8.0
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026