Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | RealOne Player Input Validation Flaw Permits Remote Script Execution |
|---|
Categorie: Vulnerability
Posted: 2004-01-12 by ReCall
Views: 406
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
Description: An input validation vulnerability was reported in RealOne. A remote user can execute scripting code in the local computer security zone.
Arman Nayyeri reported that the player does not filter HTML scripting code from SMI files. A remote user can reportedly create an SMI file that, when loaded by the target user, will execute arbitrary Javascript code. The code may be able to access and modify files on the target user's system.
According the report, a statement in the following format can trigger the flaw:
file:javascript:document.write('[JSCODE]')
The code can be executed in the security zone of last page that was loaded, the report said.
A demonstration exploit is available at:
http://www.freewebs.com/arman2/arealexploit.htm
Impact: A remote user can create HTML that, when loaded by a target user, will execute a malicious SMI file to run malicious scripting code. The code can, for example, modify files on the target system.
Solution: No solution was available at the time of this entry.
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=637
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
