CVE-2003-0726 - Vulnerability Details - OpenCVE

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Realnetworks	Realone Desktop Manager Realone Enterprise Desktop Realone Player

Configuration 1 [-]

OR	cpe:2.3:a:realnetworks:realone_desktop_manager::::::::
	cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:::::::*
	cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
	cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold::::::
	cpe:2.3:a:realnetworks:realone_player:6.0.11.818:::::::*
	cpe:2.3:a:realnetworks:realone_player:6.0.11.830:::::::*
	cpe:2.3:a:realnetworks:realone_player:6.0.11.841:::::::*
	cpe:2.3:a:realnetworks:realone_player:6.0.11.853:::::::*

No data.

References

Link	Providers
http://securitytracker.com/id?1007532
http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html
http://www.securityfocus.com/archive/1/335293
http://www.securityfocus.com/bid/8453
http://www.service.real.com/help/faq/security/securityupdate_august2003.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13028

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-09-03T04:00:00

Updated: 2024-08-08T02:05:12.494Z

Reserved: 2003-09-02T00:00:00

Link: CVE-2003-0726

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2003-10-20T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2003-0726

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-08-27T00:00:00", "descriptions": [{"lang": "en", "value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "8453", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/8453"}, {"tags": ["x_refsource_MISC"], "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"}, {"name": "realone-smil-execute-code(13028)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"}, {"name": "20030827 RealOne Player Allows Cross Zone and Domain Access", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/335293"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"}, {"name": "1007532", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1007532"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0726", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "8453", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8453"}, {"name": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html", "refsource": "MISC", "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"}, {"name": "realone-smil-execute-code(13028)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"}, {"name": "20030827 RealOne Player Allows Cross Zone and Domain Access", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/335293"}, {"name": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html", "refsource": "CONFIRM", "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"}, {"name": "1007532", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1007532"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:05:12.494Z"}, "title": "CVE Program Container", "references": [{"name": "8453", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/8453"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"}, {"name": "realone-smil-execute-code(13028)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"}, {"name": "20030827 RealOne Player Allows Cross Zone and Domain Access", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/335293"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"}, {"name": "1007532", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1007532"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0726", "datePublished": "2003-09-03T04:00:00", "dateReserved": "2003-09-02T00:00:00", "dateUpdated": "2024-08-08T02:05:12.494Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9200BD8-6D2F-49D4-B85B-C17D2C0F400E", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*", "matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*", "matchCriteriaId": "2BBC41FB-B9F5-47EB-97D8-3ACFC5182AAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*", "matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*", "matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*", "matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*", "matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."}], "id": "CVE-2003-0726", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2003-10-20T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1007532"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory", "URL Repurposed"], "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/335293"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/8453"}, {"source": "cve@mitre.org", "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1007532"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory", "URL Repurposed"], "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/335293"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/8453"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}