| Vulnerability Name: | CVE-2004-0273 (CCN-15123) | ||||||||
| Assigned: | 2004-02-10 | ||||||||
| Published: | 2004-02-10 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-22 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Feb 10 2004 - 09:08:37 CST Directory traversal in RealPlayer allows code execution Source: MITRE Type: CNA CVE-2004-0273 Source: BUGTRAQ Type: UNKNOWN 20040210 Directory traversal in RealPlayer allows code execution Source: CCN Type: RealNetworks, Inc. Releases Update Updated February 4, 2004 RealNetworks, Inc. Releases Update to Address Security Vulnerabilities. Source: CONFIRM Type: Patch, Vendor Advisory http://service.real.com/help/faq/security/040123_player/EN/ Source: CCN Type: US-CERT VU#514734 Multiple Real media players fail to properly validate RMP files Source: CERT-VN Type: US Government Resource VU#514734 Source: CCN Type: OSVDB ID: 6616 RealOne Player RMP File Upload Arbitrary File Source: BID Type: Patch, Vendor Advisory 9580 Source: CCN Type: BID-9580 RealPlayer/RealOne Player RMP Skin File Handler Directory Traversal Vulnerability Source: XF Type: UNKNOWN realoneplayer-rmp-directory-traversal(15123) Source: XF Type: UNKNOWN realoneplayer-rmp-directory-traversal(15123) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||