CVE-2003-0726

medium

Description

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/13028

http://www.service.real.com/help/faq/security/securityupdate_august2003.html

http://securitytracker.com/id?1007532

Details

Source: Mitre, NVD

Published: 2003-10-20

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.10603