CVE-2004-1798

Published Dec 31, 2004

Last updated 7 years ago

CVSS info 5.1

Overview

Description: RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.1
Impact score: 6.4
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B04AEBE0-0160-4EA0-A177-BB66B2A842CE"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3908DB26-D8C4-4368-A1B6-C067085CE4B7"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References