Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0273

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2004-0273
Last Modified 05 Sep 2008 12:00:00
Published 23 Nov 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-0273

Summary

Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.

Vulnerable Systems

Application

  • Realnetworks Realone Desktop Manager

  • Realnetworks Realone Enterprise Desktop 6.0.11.774

  • Realnetworks Realone Player 1.0

  • Realnetworks Realone Player 2.0

  • Realnetworks Realone Player 6.0.11.818

  • Realnetworks Realone Player 6.0.11.830

  • Realnetworks Realone Player 6.0.11.841

  • Realnetworks Realone Player 6.0.11.853

  • Realnetworks Realone Player 6.0.11.868


References

CERT-VN - VU#514734

BID - 9580

CONFIRM - http://service.real.com/help/faq/security/040123_player/EN/

BUGTRAQ - 20040210 Directory traversal in RealPlayer allows code execution

XF - realoneplayer-rmp-directory-traversal(15123)


Last Updated: 27 May 2016 10:38:32