J-Security Center

Title: RealOne Player Temporary File Default Browser Script Execution Vulnerability

Severity: HIGH

Description:

RealOne Player is a media player that is available for a number of platforms including Microsoft Windows and MacOS systems.

It has been reported that RealOne Player is vulnerable to an issue in the handling of temporary files. Because of this, an attacker may be able to perform unauthorized actions in a user's web browser.

Specific details pertaining to this issue are not currently available. It is known that under some circumstances, it is possible to write to temporary files before they are loaded in the default browser on a system. Data written to these files could include arbitrary URLs, as well as script code.

It is conjectured that this problem may permit a loaded file to execute script through the default browser in the local security zone, thus making it possible to carry out actions on the local system on behalf of the RealOne Player user. However, this has not been confirmed by Real or Symantec.

Affected Products:

  • Real Networks RealOne Desktop Manager 0.0.0
  • Real Networks RealOne Enterprise Desktop 6.0.11.774
  • Real Networks RealOne Player 0.0.0
  • Real Networks RealOne Player 2.0.0
  • Real Networks RealOne Player 6.0.11.818
  • Real Networks RealOne Player 6.0.11.830
  • Real Networks RealOne Player 6.0.11.841
  • Real Networks RealOne Player 6.0.11.853
  • Real Networks RealOne Player Gold for Windows 6.0.10.505
