Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for realone_enterprise_desktop by realnetworks

    CVE-2003-1509 (GCVE-0-2003-1509)

    Vulnerability from cvelistv5 – Published: 2007-10-25 19:00 – Updated: 2024-08-08 02:28
    VLAI
    Summary
    Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2003-10-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:28:03.721Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
              },
              {
                "name": "8839",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/8839"
              },
              {
                "name": "realoneplayer-temporary-script-execution(13445)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-10-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
            },
            {
              "name": "8839",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/8839"
            },
            {
              "name": "realoneplayer-temporary-script-execution(13445)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1509",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://service.real.com/help/faq/security/securityupdate_october2003.html",
                  "refsource": "CONFIRM",
                  "url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
                },
                {
                  "name": "8839",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/8839"
                },
                {
                  "name": "realoneplayer-temporary-script-execution(13445)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1509",
        "datePublished": "2007-10-25T19:00:00.000Z",
        "dateReserved": "2007-10-25T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:28:03.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1798 (GCVE-0-2004-1798)

    Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:07
    VLAI
    Summary
    RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/9584 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1008647 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/9378 vdb-entryx_refsource_BID
    http://www.osvdb.org/3826 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/349086 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2004-01-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:07:47.993Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9584",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/9584"
              },
              {
                "name": "1008647",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1008647"
              },
              {
                "name": "9378",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9378"
              },
              {
                "name": "3826",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/3826"
              },
              {
                "name": "20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/349086"
              },
              {
                "name": "realoneplayer-smil-xss(14168)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-01-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a \"file:javascript:\" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9584",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/9584"
            },
            {
              "name": "1008647",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1008647"
            },
            {
              "name": "9378",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9378"
            },
            {
              "name": "3826",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/3826"
            },
            {
              "name": "20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/349086"
            },
            {
              "name": "realoneplayer-smil-xss(14168)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1798",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a \"file:javascript:\" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9584",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/9584"
                },
                {
                  "name": "1008647",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1008647"
                },
                {
                  "name": "9378",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9378"
                },
                {
                  "name": "3826",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/3826"
                },
                {
                  "name": "20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/349086"
                },
                {
                  "name": "realoneplayer-smil-xss(14168)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1798",
        "datePublished": "2005-05-10T04:00:00.000Z",
        "dateReserved": "2005-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:07:47.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0273 (GCVE-0-2004-0273)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/514734 third-party-advisoryx_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=107642978524321&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/9580 vdb-entryx_refsource_BID
    http://service.real.com/help/faq/security/040123_… x_refsource_CONFIRM
    Date Public
    2004-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#514734",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/514734"
              },
              {
                "name": "realoneplayer-rmp-directory-traversal(15123)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
              },
              {
                "name": "20040210 Directory traversal in RealPlayer allows code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
              },
              {
                "name": "9580",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9580"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.real.com/help/faq/security/040123_player/EN/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-08-13T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#514734",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/514734"
            },
            {
              "name": "realoneplayer-rmp-directory-traversal(15123)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
            },
            {
              "name": "20040210 Directory traversal in RealPlayer allows code execution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
            },
            {
              "name": "9580",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9580"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.real.com/help/faq/security/040123_player/EN/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0273",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#514734",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/514734"
                },
                {
                  "name": "realoneplayer-rmp-directory-traversal(15123)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
                },
                {
                  "name": "20040210 Directory traversal in RealPlayer allows code execution",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
                },
                {
                  "name": "9580",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9580"
                },
                {
                  "name": "http://service.real.com/help/faq/security/040123_player/EN/",
                  "refsource": "CONFIRM",
                  "url": "http://service.real.com/help/faq/security/040123_player/EN/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0273",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2004-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0258 (GCVE-0-2004-0258)

    Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.nextgenss.com/advisories/realone.txt x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.ciac.org/ciac/bulletins/o-075.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-listx_refsource_VULNWATCH
    http://www.kb.cert.org/vuls/id/473814 third-party-advisoryx_refsource_CERT-VN
    http://www.service.real.com/help/faq/security/040… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/9579 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=107608748813559&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2004-02-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nextgenss.com/advisories/realone.txt"
              },
              {
                "name": "realoneplayer-multiple-file-bo(15040)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
              },
              {
                "name": "O-075",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
              },
              {
                "name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
              },
              {
                "name": "VU#473814",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/473814"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
              },
              {
                "name": "9579",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9579"
              },
              {
                "name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-02-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nextgenss.com/advisories/realone.txt"
            },
            {
              "name": "realoneplayer-multiple-file-bo(15040)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
            },
            {
              "name": "O-075",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
            },
            {
              "name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
            },
            {
              "name": "VU#473814",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/473814"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
            },
            {
              "name": "9579",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9579"
            },
            {
              "name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0258",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.nextgenss.com/advisories/realone.txt",
                  "refsource": "MISC",
                  "url": "http://www.nextgenss.com/advisories/realone.txt"
                },
                {
                  "name": "realoneplayer-multiple-file-bo(15040)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
                },
                {
                  "name": "O-075",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
                },
                {
                  "name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
                },
                {
                  "name": "VU#473814",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/473814"
                },
                {
                  "name": "http://www.service.real.com/help/faq/security/040123_player/EN/",
                  "refsource": "CONFIRM",
                  "url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
                },
                {
                  "name": "9579",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9579"
                },
                {
                  "name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0258",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0726 (GCVE-0-2003-0726)

    Vulnerability from cvelistv5 – Published: 2003-09-03 04:00 – Updated: 2024-08-08 02:05
    VLAI
    Summary
    RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2003-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:05:12.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "8453",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/8453"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
              },
              {
                "name": "realone-smil-execute-code(13028)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
              },
              {
                "name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/335293"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
              },
              {
                "name": "1007532",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1007532"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "8453",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/8453"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
            },
            {
              "name": "realone-smil-execute-code(13028)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
            },
            {
              "name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/335293"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
            },
            {
              "name": "1007532",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1007532"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0726",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "8453",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/8453"
                },
                {
                  "name": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html",
                  "refsource": "MISC",
                  "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
                },
                {
                  "name": "realone-smil-execute-code(13028)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
                },
                {
                  "name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/335293"
                },
                {
                  "name": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
                },
                {
                  "name": "1007532",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1007532"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0726",
        "datePublished": "2003-09-03T04:00:00.000Z",
        "dateReserved": "2003-09-02T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:05:12.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0141 (GCVE-0-2003-0141)

    Vulnerability from cvelistv5 – Published: 2003-03-29 05:00 – Updated: 2024-08-08 01:43
    VLAI
    Summary
    The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-listx_refsource_VULNWATCH
    http://www.securityfocus.com/bid/7177 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=104887465427579&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.coresecurity.com/common/showdoc.php?id… x_refsource_MISC
    http://www.kb.cert.org/vuls/id/705761 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2003-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:43:35.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
              },
              {
                "name": "7177",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/7177"
              },
              {
                "name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
              },
              {
                "name": "VU#705761",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/705761"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
            },
            {
              "name": "7177",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/7177"
            },
            {
              "name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
            },
            {
              "name": "VU#705761",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/705761"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0141",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
                },
                {
                  "name": "7177",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/7177"
                },
                {
                  "name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
                },
                {
                  "name": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10",
                  "refsource": "MISC",
                  "url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
                },
                {
                  "name": "VU#705761",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/705761"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0141",
        "datePublished": "2003-03-29T05:00:00.000Z",
        "dateReserved": "2003-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:43:35.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1798 (GCVE-0-2004-1798)

    Vulnerability from nvd – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:07
    VLAI
    Summary
    RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/9584 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1008647 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/9378 vdb-entryx_refsource_BID
    http://www.osvdb.org/3826 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/349086 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2004-01-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:07:47.993Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9584",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/9584"
              },
              {
                "name": "1008647",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1008647"
              },
              {
                "name": "9378",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9378"
              },
              {
                "name": "3826",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/3826"
              },
              {
                "name": "20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/349086"
              },
              {
                "name": "realoneplayer-smil-xss(14168)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-01-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a \"file:javascript:\" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9584",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/9584"
            },
            {
              "name": "1008647",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1008647"
            },
            {
              "name": "9378",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9378"
            },
            {
              "name": "3826",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/3826"
            },
            {
              "name": "20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/349086"
            },
            {
              "name": "realoneplayer-smil-xss(14168)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1798",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a \"file:javascript:\" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9584",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/9584"
                },
                {
                  "name": "1008647",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1008647"
                },
                {
                  "name": "9378",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9378"
                },
                {
                  "name": "3826",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/3826"
                },
                {
                  "name": "20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/349086"
                },
                {
                  "name": "realoneplayer-smil-xss(14168)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1798",
        "datePublished": "2005-05-10T04:00:00.000Z",
        "dateReserved": "2005-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:07:47.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0273 (GCVE-0-2004-0273)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/514734 third-party-advisoryx_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=107642978524321&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/9580 vdb-entryx_refsource_BID
    http://service.real.com/help/faq/security/040123_… x_refsource_CONFIRM
    Date Public
    2004-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#514734",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/514734"
              },
              {
                "name": "realoneplayer-rmp-directory-traversal(15123)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
              },
              {
                "name": "20040210 Directory traversal in RealPlayer allows code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
              },
              {
                "name": "9580",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9580"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.real.com/help/faq/security/040123_player/EN/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-08-13T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#514734",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/514734"
            },
            {
              "name": "realoneplayer-rmp-directory-traversal(15123)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
            },
            {
              "name": "20040210 Directory traversal in RealPlayer allows code execution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
            },
            {
              "name": "9580",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9580"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.real.com/help/faq/security/040123_player/EN/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0273",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#514734",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/514734"
                },
                {
                  "name": "realoneplayer-rmp-directory-traversal(15123)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
                },
                {
                  "name": "20040210 Directory traversal in RealPlayer allows code execution",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
                },
                {
                  "name": "9580",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9580"
                },
                {
                  "name": "http://service.real.com/help/faq/security/040123_player/EN/",
                  "refsource": "CONFIRM",
                  "url": "http://service.real.com/help/faq/security/040123_player/EN/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0273",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2004-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0258 (GCVE-0-2004-0258)

    Vulnerability from nvd – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.nextgenss.com/advisories/realone.txt x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.ciac.org/ciac/bulletins/o-075.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-listx_refsource_VULNWATCH
    http://www.kb.cert.org/vuls/id/473814 third-party-advisoryx_refsource_CERT-VN
    http://www.service.real.com/help/faq/security/040… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/9579 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=107608748813559&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2004-02-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nextgenss.com/advisories/realone.txt"
              },
              {
                "name": "realoneplayer-multiple-file-bo(15040)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
              },
              {
                "name": "O-075",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
              },
              {
                "name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
              },
              {
                "name": "VU#473814",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/473814"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
              },
              {
                "name": "9579",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9579"
              },
              {
                "name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-02-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nextgenss.com/advisories/realone.txt"
            },
            {
              "name": "realoneplayer-multiple-file-bo(15040)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
            },
            {
              "name": "O-075",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
            },
            {
              "name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
            },
            {
              "name": "VU#473814",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/473814"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
            },
            {
              "name": "9579",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9579"
            },
            {
              "name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0258",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.nextgenss.com/advisories/realone.txt",
                  "refsource": "MISC",
                  "url": "http://www.nextgenss.com/advisories/realone.txt"
                },
                {
                  "name": "realoneplayer-multiple-file-bo(15040)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
                },
                {
                  "name": "O-075",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
                },
                {
                  "name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
                },
                {
                  "name": "VU#473814",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/473814"
                },
                {
                  "name": "http://www.service.real.com/help/faq/security/040123_player/EN/",
                  "refsource": "CONFIRM",
                  "url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
                },
                {
                  "name": "9579",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9579"
                },
                {
                  "name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0258",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1509 (GCVE-0-2003-1509)

    Vulnerability from nvd – Published: 2007-10-25 19:00 – Updated: 2024-08-08 02:28
    VLAI
    Summary
    Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2003-10-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:28:03.721Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
              },
              {
                "name": "8839",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/8839"
              },
              {
                "name": "realoneplayer-temporary-script-execution(13445)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-10-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
            },
            {
              "name": "8839",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/8839"
            },
            {
              "name": "realoneplayer-temporary-script-execution(13445)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1509",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://service.real.com/help/faq/security/securityupdate_october2003.html",
                  "refsource": "CONFIRM",
                  "url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
                },
                {
                  "name": "8839",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/8839"
                },
                {
                  "name": "realoneplayer-temporary-script-execution(13445)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1509",
        "datePublished": "2007-10-25T19:00:00.000Z",
        "dateReserved": "2007-10-25T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:28:03.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0726 (GCVE-0-2003-0726)

    Vulnerability from nvd – Published: 2003-09-03 04:00 – Updated: 2024-08-08 02:05
    VLAI
    Summary
    RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2003-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:05:12.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "8453",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/8453"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
              },
              {
                "name": "realone-smil-execute-code(13028)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
              },
              {
                "name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/335293"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
              },
              {
                "name": "1007532",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1007532"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "8453",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/8453"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
            },
            {
              "name": "realone-smil-execute-code(13028)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
            },
            {
              "name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/335293"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
            },
            {
              "name": "1007532",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1007532"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0726",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "8453",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/8453"
                },
                {
                  "name": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html",
                  "refsource": "MISC",
                  "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
                },
                {
                  "name": "realone-smil-execute-code(13028)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
                },
                {
                  "name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/335293"
                },
                {
                  "name": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
                },
                {
                  "name": "1007532",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1007532"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0726",
        "datePublished": "2003-09-03T04:00:00.000Z",
        "dateReserved": "2003-09-02T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:05:12.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0141 (GCVE-0-2003-0141)

    Vulnerability from nvd – Published: 2003-03-29 05:00 – Updated: 2024-08-08 01:43
    VLAI
    Summary
    The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-listx_refsource_VULNWATCH
    http://www.securityfocus.com/bid/7177 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=104887465427579&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.coresecurity.com/common/showdoc.php?id… x_refsource_MISC
    http://www.kb.cert.org/vuls/id/705761 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2003-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:43:35.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
              },
              {
                "name": "7177",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/7177"
              },
              {
                "name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
              },
              {
                "name": "VU#705761",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/705761"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
            },
            {
              "name": "7177",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/7177"
            },
            {
              "name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
            },
            {
              "name": "VU#705761",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/705761"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0141",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
                },
                {
                  "name": "7177",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/7177"
                },
                {
                  "name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
                },
                {
                  "name": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10",
                  "refsource": "MISC",
                  "url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
                },
                {
                  "name": "VU#705761",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/705761"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0141",
        "datePublished": "2003-03-29T05:00:00.000Z",
        "dateReserved": "2003-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:43:35.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }