CVE-2004-0273

Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:2.0:*:win:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*

History

20 Nov 2024, 23:48

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=107642978524321&w=2 - () http://marc.info/?l=bugtraq&m=107642978524321&w=2 -
References () http://service.real.com/help/faq/security/040123_player/EN/ - Patch, Vendor Advisory () http://service.real.com/help/faq/security/040123_player/EN/ - Patch, Vendor Advisory
References () http://www.kb.cert.org/vuls/id/514734 - US Government Resource () http://www.kb.cert.org/vuls/id/514734 - US Government Resource
References () http://www.securityfocus.com/bid/9580 - Patch, Vendor Advisory () http://www.securityfocus.com/bid/9580 - Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/15123 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/15123 -

Information

Published : 2004-11-23 05:00

Updated : 2024-11-20 23:48


NVD link : CVE-2004-0273

Mitre link : CVE-2004-0273

CVE.ORG link : CVE-2004-0273


JSON object : View

Products Affected

realnetworks

  • realone_desktop_manager
  • realone_enterprise_desktop
  • realone_player
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')