Vulnerability Name:

CVE-2004-0273 (CCN-15123)

Assigned:2004-02-10
Published:2004-02-10
Updated:2017-10-10
Summary:Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-22
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Tue Feb 10 2004 - 09:08:37 CST
Directory traversal in RealPlayer allows code execution

Source: MITRE
Type: CNA
CVE-2004-0273

Source: BUGTRAQ
Type: UNKNOWN
20040210 Directory traversal in RealPlayer allows code execution

Source: CCN
Type: RealNetworks, Inc. Releases Update Updated February 4, 2004
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.

Source: CONFIRM
Type: Patch, Vendor Advisory
http://service.real.com/help/faq/security/040123_player/EN/

Source: CCN
Type: US-CERT VU#514734
Multiple Real media players fail to properly validate RMP files

Source: CERT-VN
Type: US Government Resource
VU#514734

Source: CCN
Type: OSVDB ID: 6616
RealOne Player RMP File Upload Arbitrary File

Source: BID
Type: Patch, Vendor Advisory
9580

Source: CCN
Type: BID-9580
RealPlayer/RealOne Player RMP Skin File Handler Directory Traversal Vulnerability

Source: XF
Type: UNKNOWN
realoneplayer-rmp-directory-traversal(15123)

Source: XF
Type: UNKNOWN
realoneplayer-rmp-directory-traversal(15123)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:2.0:*:win:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    realnetworks realone desktop manager *
    realnetworks realone enterprise desktop 6.0.11.774
    realnetworks realone player 1.0
    realnetworks realone player 2.0
    realnetworks realone player 2.0
    realnetworks realone player 6.0.11.818
    realnetworks realone player 6.0.11.830
    realnetworks realone player 6.0.11.841
    realnetworks realone player 6.0.11.853
    realnetworks realone player 6.0.11.868