CVE-2003-1509

Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://service.real.com/help/faq/security/securityupdate_october2003.html
http://www.securityfocus.com/bid/8839	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/13445

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:::::::*
	cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
	cpe:2.3:a:realnetworks:realone_player:6.0.11.818:::::::*
	cpe:2.3:a:realnetworks:realone_player:6.0.11.830:::::::*
	cpe:2.3:a:realnetworks:realone_player:6.0.11.841:::::::*
	cpe:2.3:a:realnetworks:realone_player:6.0.11.853:::::::*

History

No history.

Information

Published : 2003-12-31 05:00

Updated : 2024-02-28 10:24

NVD link : CVE-2003-1509

Mitre link : CVE-2003-1509

CVE.ORG link : CVE-2003-1509

JSON object : View

Products Affected

realnetworks

realone_player
realone_enterprise_desktop

CWE

NVD-CWE-Other

{"id": "CVE-2003-1509", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-12-31T05:00:00.000", "references": [{"url": "http://service.real.com/help/faq/security/securityupdate_october2003.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/8839", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser."}], "lastModified": "2017-08-17T01:29:00.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458"}, {"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE"}, {"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264"}, {"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A"}, {"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A"}, {"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}