Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Multimedia)  >   RealOne (RealPlayer) Vendors:   RealNetworks
RealPlayer Lets Remote Users Load Scripting Code from Local Files
SecurityTracker Alert ID:  1013054
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 2 2005
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system
Exploit Included:  Yes  
Version(s): 10.5 Build
Description:   A vulnerability was reported in RealPlayer. A remote user can cause the player to run scripting code in the Local Computer zone.

http-equiv reported that a remote user can create a specially crafted Real Media file that, when loaded by the target user, will cause RealPlayer to load files from the target system and execute scripting code in the files in the Local Computer zone.

A demonstration exploit file is available at:

A demonstration exploit involving Microsoft Internet Explorer is available at:

Impact:   A remote user can cause specified files to be loaded on the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents


Remote read / write / delete oozing the Internet Explorer object, which no 
one seems to have bothered to care about in 5 years. Same repitious jonk, 
if you haven't learnt by now, don't cry tomorrow. We can't all go around 
with a poop scoop picking up your pathetic droppings !


1. Too Slow !
2. Geting Rusty !



Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC