漏洞信息详情

RealOne Player SMIL文件脚本执行变化漏洞

  • CNNVD编号:CNNVD-200412-909
  • 危害等级: 中危
  • CVE编号: CVE-2004-1798
  • 漏洞类型: 输入验证
  • 发布时间: 2004-12-31
  • 威胁类型: 远程
  • 更新时间: 2006-01-05
  • 厂        商: realnetworks
  • 漏洞来源: Discovery is credi...

漏洞简介

RealOne player 6.0.11.868版本存在漏洞。远程攻击者可以借助带有\"file:javascript:\" URL的Synchronized Multimedia Integration Language (SMIL)描述在\"My Computer\"区域中执行任意脚本,该漏洞在之前载入的URL的安全上下文中被执行,该漏洞不同于CVE-2003-0726。

漏洞公告

RealSecurity has released an advisory dealing with this issue. The following text, describing how to apply the patch to address the issue with the vulnerable software, has been taken verbatim from the advisory: Windows Players: RealOne Player, RealOne Player v2 (localized languages) and RealPlayer 10 Beta customers please use the following steps to update your Player: 1. In the Tools menu select Check for Update. 2. Select the box next to the "RealPlayer 10" (English) or "RealOne Player" (localized) component. 3. Click the Install button to download and install the update. RealPlayer 8 (version 6.0.9.584): 1. Go to the Help menu. 2. Select "Check for Update". 3. Select the box next to the "RealPlayer 10" (English) or "RealOne Player" (localized) component. 4. Click the Install button to download and install the update.

参考网址

来源: BID 名称: 9378 链接:http://www.securityfocus.com/bid/9378 来源: OSVDB 名称: 3826 链接:http://www.osvdb.org/3826 来源: SECUNIA 名称: 9584 链接:http://secunia.com/advisories/9584 来源: XF 名称: realoneplayer-smil-xss(14168) 链接:http://xforce.iss.net/xforce/xfdb/14168 来源: BUGTRAQ 名称: 20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player 链接:http://www.securityfocus.com/archive/1/349086 来源: SECTRACK 名称: 1008647 链接:http://securitytracker.com/id?1008647

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多