VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-1798

CVE-2004-1798

Description

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.

Affected products

10
  • RealNetworks/Realone Enterprise Desktop
    cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*
  • RealNetworks/Realone Player8 versions
    cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realone_player:6.0.10.505:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*
  • RealNetworks/Realplayer
    cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.