Lucene search

MitreCVE-2005-0190

HistoryFeb 06, 2005 - 5:00 a.m.

CVE-2005-0190

2005-02-0605:00:00

mitre

web.nvd.nist.gov

cve

2005

0190

directory traversal

realplayer

remote attack

vulnerability

file deletion

rmp

file extension bypass

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.4%

JSON

Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing … (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.

Affected configurations

Nvd

Node

realnetworksrealone_playerMatch1.0

realnetworksrealone_playerMatch2.0

realnetworksrealplayerMatch10.0en

realnetworksrealplayerMatch10.0ja

realnetworksrealplayerMatch10.0de

realnetworksrealplayerMatch10.0_6.0.12.690

realnetworksrealplayerMatch10.0_beta

realnetworksrealplayerMatch10.5

realnetworksrealplayerMatch10.5_6.0.12.1016_beta

realnetworksrealplayerMatch10.5_6.0.12.1040

VendorProductVersionCPE
realnetworksrealone_player1.0cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
realnetworksrealone_player2.0cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:*:de:*:*:*:*:*
realnetworksrealplayer10.0_6.0.12.690cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*
realnetworksrealplayer10.0_betacpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*
realnetworksrealplayer10.5cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
realnetworksrealplayer10.5_6.0.12.1016_betacpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:*:*:*:*:*:*:*
realnetworksrealplayer10.5_6.0.12.1040cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
realnetworks	realone_player	1.0	cpe:2.3:a:realnetworks:realone_player:1.0:::::::*
realnetworks	realone_player	2.0	cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0:::en::::
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0:::ja::::
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0::de:::::
realnetworks	realplayer	10.0_6.0.12.690	cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:::::::*
realnetworks	realplayer	10.0_beta	cpe:2.3:a:realnetworks:realplayer:10.0_beta:::::::*
realnetworks	realplayer	10.5	cpe:2.3:a:realnetworks:realplayer:10.5:::::::*
realnetworks	realplayer	10.5_6.0.12.1016_beta	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:::::::*
realnetworks	realplayer	10.5_6.0.12.1040	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:::::::*

References

marc.info/?l=bugtraq&m=109707741022291&w=2

marc.info/?l=bugtraq&m=110616160228843&w=2

secunia.com/advisories/12672/

service.real.com/help/faq/security/040928_player/EN/

www.ngssoftware.com/advisories/real-02full.txt

www.securityfocus.com/bid/11308

exchange.xforce.ibmcloud.com/vulnerabilities/17551

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.4%

JSON

Related for CVE-2005-0190