PT-2004-2698 · Realnetworks · Realone Player

Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-1798

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

RealOne player version 6.0.11.868

Description

The issue allows remote attackers to execute arbitrary script in the "My Computer" zone. This is achieved via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL. The script is executed in the security context of the previously loaded URL.

Recommendations

For RealOne player version 6.0.11.868, consider disabling the execution of SMIL presentations with "file:javascript:" URLs as a temporary workaround until a patch is available. Restrict access to SMIL files to minimize the risk of exploitation.
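
One way to act on the recommendation above is to scan SMIL files for attribute values that use the "file:javascript:" prefix before they reach a player. This is an added example, not code from this advisory or from RealNetworks; the function names, the assumption that the URL sits in an element attribute, and both sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Scheme prefix named in the advisory description.
BAD_PREFIX = "file:javascript:"

def normalize(value):
    """Lowercase and drop whitespace/control characters that could hide the prefix."""
    return re.sub(r"[\s\x00-\x1f]+", "", value).lower()

def find_suspicious_urls(smil_text):
    """Return (element, attribute, value) for every attribute using the bad prefix.

    Falls back to a raw-text scan when the file is not well-formed XML,
    since a lenient player may still load such a file.
    """
    hits = []
    try:
        root = ET.fromstring(smil_text)
    except ET.ParseError:
        for m in re.finditer(r'([\w:-]+)\s*=\s*(["\'])(.*?)\2', smil_text, re.S):
            if normalize(m.group(3)).startswith(BAD_PREFIX):
                hits.append(("?", m.group(1), m.group(3)))
        return hits
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # strip XML namespace, if any
        for name, value in elem.attrib.items():
            if normalize(value).startswith(BAD_PREFIX):
                hits.append((tag, name, value))
    return hits

# Constructed sample inputs (not taken from the advisory).
SAMPLE_SMIL = """<smil>
  <body>
    <par>
      <video src="rtsp://media.example.invalid/clip.rm"/>
      <ref src=" File:JavaScript:void(0)"/>
    </par>
  </body>
</smil>"""

# Deliberately malformed (mismatched tags) to exercise the fallback scan.
BROKEN_SMIL = '<smil><body><ref src="file:javascript:void(0)"></body>'

if __name__ == "__main__":
    for sample in (SAMPLE_SMIL, BROKEN_SMIL):
        print(find_suspicious_urls(sample))
```

A non-empty result is a reason to quarantine the file rather than open it in the affected player version.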

Exploit

Fix


Related Identifiers

CVE-2004-1798

Affected Products

Realone Player