Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2437 |
Message | WEB-CLIENT RealPlayer arbitrary javascript command attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in RealOne Player. |
Impact | Serious. Execution of arbitrary code is possible. |
Detailed Information | It may be possible for an attacker to execute code of their choosing by using a vulnerability in RealOne Player from RealNetworks. If a malicious URI is embedded in a SMIL presentation that points to script of the attackers choosing, the code may be executed with privileges assigned to the "My Computer" zone. |
Affected Systems | RealOne Player for Windows |
Attack Scenarios | An attacker could embed a URI of their choosing in a presentation and entice a user to click the link from within RealOne Player. The code referenced by this URI would then be executed on the client machine. |
Ease of Attack | Simple. No exploit software required. |
Corrective Action | Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied. |
Additional References | |
Rule References | bugtraq: 8453 bugtraq: 9378 cve: 2003-0726 |
--
DID:119592
--
http://www.aanval.com/