Vulnerabilites related to realnetworks - realone_enterprise_desktop
CVE-2004-1798 (GCVE-0-2004-1798)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/9584 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1008647 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/9378 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/3826 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/349086 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/14168 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:47.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9584"
},
{
"name": "1008647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1008647"
},
{
"name": "9378",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9378"
},
{
"name": "3826",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3826"
},
{
"name": "20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/349086"
},
{
"name": "realoneplayer-smil-xss(14168)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a \"file:javascript:\" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9584"
},
{
"name": "1008647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1008647"
},
{
"name": "9378",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9378"
},
{
"name": "3826",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3826"
},
{
"name": "20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/349086"
},
{
"name": "realoneplayer-smil-xss(14168)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a \"file:javascript:\" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9584"
},
{
"name": "1008647",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008647"
},
{
"name": "9378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9378"
},
{
"name": "3826",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3826"
},
{
"name": "20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/349086"
},
{
"name": "realoneplayer-smil-xss(14168)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1798",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:47.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0141 (GCVE-0-2003-0141)
Vulnerability from cvelistv5
Published
2003-03-29 05:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.securityfocus.com/bid/7177 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=104887465427579&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10 | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/705761 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
},
{
"name": "7177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7177"
},
{
"name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
},
{
"name": "VU#705761",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/705761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
},
{
"name": "7177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7177"
},
{
"name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
},
{
"name": "VU#705761",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/705761"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
},
{
"name": "7177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7177"
},
{
"name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
},
{
"name": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10",
"refsource": "MISC",
"url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
},
{
"name": "VU#705761",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/705761"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0141",
"datePublished": "2003-03-29T05:00:00",
"dateReserved": "2003-03-13T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0258 (GCVE-0-2004-0258)
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.nextgenss.com/advisories/realone.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15040 | vdb-entry, x_refsource_XF | |
| http://www.ciac.org/ciac/bulletins/o-075.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.kb.cert.org/vuls/id/473814 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.service.real.com/help/faq/security/040123_player/EN/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/9579 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=107608748813559&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"name": "realoneplayer-multiple-file-bo(15040)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
},
{
"name": "O-075",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"name": "VU#473814",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"name": "9579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9579"
},
{
"name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"name": "realoneplayer-multiple-file-bo(15040)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
},
{
"name": "O-075",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"name": "VU#473814",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"name": "9579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9579"
},
{
"name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nextgenss.com/advisories/realone.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"name": "realoneplayer-multiple-file-bo(15040)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
},
{
"name": "O-075",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"name": "VU#473814",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"name": "http://www.service.real.com/help/faq/security/040123_player/EN/",
"refsource": "CONFIRM",
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"name": "9579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9579"
},
{
"name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0258",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1509 (GCVE-0-2003-1509)
Vulnerability from cvelistv5
Published
2007-10-25 19:00
Modified
2024-08-08 02:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
References
| ▼ | URL | Tags |
|---|---|---|
| http://service.real.com/help/faq/security/securityupdate_october2003.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/8839 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13445 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:03.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
},
{
"name": "8839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8839"
},
{
"name": "realoneplayer-temporary-script-execution(13445)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
},
{
"name": "8839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8839"
},
{
"name": "realoneplayer-temporary-script-execution(13445)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/help/faq/security/securityupdate_october2003.html",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
},
{
"name": "8839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8839"
},
{
"name": "realoneplayer-temporary-script-execution(13445)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1509",
"datePublished": "2007-10-25T19:00:00",
"dateReserved": "2007-10-25T00:00:00",
"dateUpdated": "2024-08-08T02:28:03.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0726 (GCVE-0-2003-0726)
Vulnerability from cvelistv5
Published
2003-09-03 04:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/8453 | vdb-entry, x_refsource_BID | |
| http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13028 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/335293 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.service.real.com/help/faq/security/securityupdate_august2003.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1007532 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8453"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"name": "realone-smil-execute-code(13028)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
},
{
"name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"name": "1007532",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007532"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8453"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"name": "realone-smil-execute-code(13028)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
},
{
"name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"name": "1007532",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007532"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8453"
},
{
"name": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html",
"refsource": "MISC",
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"name": "realone-smil-execute-code(13028)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
},
{
"name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"name": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html",
"refsource": "CONFIRM",
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"name": "1007532",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007532"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0726",
"datePublished": "2003-09-03T04:00:00",
"dateReserved": "2003-09-02T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0273 (GCVE-0-2004-0273)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/514734 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15123 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=107642978524321&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/9580 | vdb-entry, x_refsource_BID | |
| http://service.real.com/help/faq/security/040123_player/EN/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#514734",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"name": "realoneplayer-rmp-directory-traversal(15123)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
},
{
"name": "20040210 Directory traversal in RealPlayer allows code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"name": "9580",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9580"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#514734",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"name": "realoneplayer-rmp-directory-traversal(15123)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
},
{
"name": "20040210 Directory traversal in RealPlayer allows code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"name": "9580",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9580"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#514734",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"name": "realoneplayer-rmp-directory-traversal(15123)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
},
{
"name": "20040210 Directory traversal in RealPlayer allows code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"name": "9580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9580"
},
{
"name": "http://service.real.com/help/faq/security/040123_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0273",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2003-04-02 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=104887465427579&w=2 | ||
| cve@mitre.org | http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/705761 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.securityfocus.com/bid/7177 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=104887465427579&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/705761 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/7177 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.10.505 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 | |
| realnetworks | realone_player | 9.0.0.288 | |
| realnetworks | realone_player | 9.0.0.297 | |
| realnetworks | realplayer | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*",
"matchCriteriaId": "2BBC41FB-B9F5-47EB-97D8-3ACFC5182AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:9.0.0.288:*:*:*:*:*:*:*",
"matchCriteriaId": "D6083AD8-024A-41C7-8189-BE0827239090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:9.0.0.297:*:*:*:*:*:*:*",
"matchCriteriaId": "103892C8-6C98-4861-8252-0076EF1B1302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length."
}
],
"id": "CVE-2003-0141",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2003-04-02T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/705761"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/705761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7177"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_desktop_manager | * | |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 | |
| realnetworks | realone_player | 6.0.11.868 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0_beta |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9200BD8-6D2F-49D4-B85B-C17D2C0F400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:win:*:*:*:*:*",
"matchCriteriaId": "B49F1421-2C52-4B67-BE04-A62E553E1819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*",
"matchCriteriaId": "3908DB26-D8C4-4368-A1B6-C067085CE4B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "971CE8B9-8A57-4849-9461-E4E79D1AB6F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:unix:*:*:*:*:*",
"matchCriteriaId": "96180A27-295D-4C5E-9ED1-8D4F77C72183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*",
"matchCriteriaId": "003D7E29-9970-4984-9756-C070E15B7979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDC43D9-C93E-4FB4-B05B-9FB519B03DCA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, y RealPlayer Enterprise permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante ficheros 1) .RP, (2) .RT, (3) .RAM, (4) .RPM o (5) .SMIL malformados."
}
],
"id": "CVE-2004-0258",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9579"
},
{
"source": "cve@mitre.org",
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.10.505 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 | |
| realnetworks | realone_player | 6.0.11.868 | |
| realnetworks | realplayer | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:*:*:*:*:*:*:*",
"matchCriteriaId": "B04AEBE0-0160-4EA0-A177-BB66B2A842CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*",
"matchCriteriaId": "3908DB26-D8C4-4368-A1B6-C067085CE4B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a \"file:javascript:\" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726."
}
],
"id": "CVE-2004-1798",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/9584"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1008647"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.osvdb.org/3826"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/349086"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/9378"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/9584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1008647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.osvdb.org/3826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/349086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/9378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_desktop_manager | * | |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 | |
| realnetworks | realone_player | 6.0.11.868 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9200BD8-6D2F-49D4-B85B-C17D2C0F400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:win:*:*:*:*:*",
"matchCriteriaId": "B49F1421-2C52-4B67-BE04-A62E553E1819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*",
"matchCriteriaId": "3908DB26-D8C4-4368-A1B6-C067085CE4B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
},
{
"lang": "es",
"value": "Vulnerabilidad de atravesamiento de directorios en RealOne Player, RealOne Player 2.0, y RealOne Enterprise Desktop permite a atacantes remotos subir ficheros arbitrarios mediante un fichero RMP que contenga secuencias .. (punto punto) en fichero de piel .rjs."
}
],
"id": "CVE-2004-0273",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9580"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser."
}
],
"id": "CVE-2003-1509",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/8839"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/8839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-10-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_desktop_manager | * | |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.10.505 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9200BD8-6D2F-49D4-B85B-C17D2C0F400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*",
"matchCriteriaId": "2BBC41FB-B9F5-47EB-97D8-3ACFC5182AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
}
],
"id": "CVE-2003-0726",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2003-10-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1007532"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8453"
},
{
"source": "cve@mitre.org",
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1007532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}