Vulnerability Name:

CVE-2005-0190 (CCN-17551)

Assigned: 2004-09-28
Published: 2004-09-28
Updated: 2017-11-16
Summary: Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: File Manipulation
References:
Source: MITRE
Type: CNA
CVE-2005-0190

Source: BUGTRAQ
Type: Third Party Advisory
20041006 Patch available for multiple high risk vulnerabilities in RealPlayer

Source: BUGTRAQ
Type: Third Party Advisory
20050119 RealPlayer Arbitrary File Deletion Vulnerability (#NISR19012005f)

Source: CCN
Type: SA12672
RealOne Player / RealPlayer / Helix Player Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
12672

Source: CONFIRM
Type: Patch, Vendor Advisory
http://service.real.com/help/faq/security/040928_player/EN/

Source: CCN
Type: CIAC Information Bulletin 0-223
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities

Source: CCN
Type: NGSSoftware Insight Security Research Advisory #NISR19012005f
RealPlayer Arbitrary File Deletion Vulnerability

Source: MISC
Type: Patch, Vendor Advisory
http://www.ngssoftware.com/advisories/real-02full.txt

Source: CCN
Type: OSVDB ID: 10419
RealNetworks Multiple Products Malformed Media File Arbitrary File Deletion

Source: BID
Type: Patch, Third Party Advisory, VDB Entry, Vendor Advisory
11308

Source: CCN
Type: BID-11308
RealNetworks RealOne Player And RealPlayer Remote Arbitrary File Deletion Vulnerability

Source: CCN
Type: BID-11335
RealOne Player and RealPlayer Multiple Unspecified Remote Vulnerabilities

Source: CCN
Type: RealNetworks, Inc. Releases Update September 28, 2004
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.

Source: XF
Type: Third Party Advisory, VDB Entry
realplayer-media-file-deletion(17551)

Source: XF
Type: UNKNOWN
realplayer-media-file-deletion(17551)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:*:de:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1016_beta:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    realnetworks realone player 1.0
    realnetworks realone player 2.0
    realnetworks realplayer 10.0
    realnetworks realplayer 10.0
    realnetworks realplayer 10.0
    realnetworks realplayer 10.0_6.0.12.690
    realnetworks realplayer 10.0_beta
    realnetworks realplayer 10.5
    realnetworks realplayer 10.5_6.0.12.1016_beta
    realnetworks realplayer 10.5_6.0.12.1040