Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2437 |
| Message | WEB-CLIENT RealPlayer arbitrary javascript command attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in RealOne Player. |
| Impact | Serious. Execution of arbitrary code is possible. |
| Detailed Information | It may be possible for an attacker to execute code of their choosing by using a vulnerability in RealOne Player from RealNetworks. If a malicious URI is embedded in a SMIL presentation that points to script of the attackers choosing, the code may be executed with privileges assigned to the "My Computer" zone. |
| Affected Systems | RealOne Player for Windows |
| Attack Scenarios | An attacker could embed a URI of their choosing in a presentation and entice a user to click the link from within RealOne Player. The code referenced by this URI would then be executed on the client machine. |
| Ease of Attack | Simple. No exploit software required. |
| Corrective Action | Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied. |
| Additional References | |
| Rule References | bugtraq: 8453 bugtraq: 9378 cve: 2003-0726 |
--
DID:119592
--
http://www.aanval.com/