GEN:SID | 1:2412 |
Message | ATTACK-RESPONSES successful cross site scripting forced download attempt |
Summary | This event is generated when a cross-site scripting attempt using RealNetworks RealPlayer has been successful.
|
Impact | Cross site scripting, information disclosure.
|
Detailed Information | A vulnerability exists in versions of RealPlayer from RealNetworks that may allow a remote attacker to launch a sucessful cross-site scripting attack against a host running the application.
This event is indicative of a successful attack.
|
Affected Systems | RealNetworks RealPlayer |
Attack Scenarios | An attacker can supply a malformed file to the client making the request and use the vulnerability to gain sensitive information from the host.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
|
Additional References | |