5.1

CVE-2004-1798

Exploit

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.

Data is provided by the National Vulnerability Database (NVD)
RealnetworksRealone Player Version1.0
RealnetworksRealone Player Version2.0
RealnetworksRealone Player Version6.0.10.505
RealnetworksRealone Player Version6.0.11.818
RealnetworksRealone Player Version6.0.11.830
RealnetworksRealone Player Version6.0.11.841
RealnetworksRealone Player Version6.0.11.853
RealnetworksRealone Player Version6.0.11.868
RealnetworksRealplayer Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.15% 0.827
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
http://secunia.com/advisories/9584
Patch
Vendor Advisory
http://securitytracker.com/id?1008647
Third Party Advisory
Exploit
VDB Entry
http://www.osvdb.org/3826
Patch
Broken Link
http://www.securityfocus.com/archive/1/349086
Third Party Advisory
Exploit
VDB Entry
http://www.securityfocus.com/bid/9378
Patch
Third Party Advisory
Exploit
VDB Entry