|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
RealOne player contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate JavaScript opened by a SMIL file or other file. This could allow a user to create a specially crafted URL result in theft of cookie-based authentication credentials, but more seriously, could also cause embedded script code to be executed in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Authentication Management,
Information Disclosure,
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Solution |
It is also possible to correct the flaw by implementing the following workaround(s):
1. English versions of and RealOne Player v2, RealOne Player can access the latest Gold player.
2. RealPlayer 10 Beta users and those with localized versions of RealOne Player and RealOne Player v2, use the following steps to update the Player:
-In the Tools menu select Check for Update.
-Select the box next to the "RealPlayer 10" (English) or ¡°RealOne Player¡± (localized) component.
-Click the Install button to download and install the update.
|
|
Products |
|
RealOne Player
 |
1.0 |
2 |
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
