Lucene search

MitreCVE-2005-0192

HistoryFeb 06, 2005 - 5:00 a.m.

CVE-2005-0192

2005-02-0605:00:00

mitre

web.nvd.nist.gov

cve

directory traversal

realplayer

security vulnerability

remote attack

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

66.0%

JSON

Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a … (dot dot) in an RJS filename.

Affected configurations

Nvd

Node

realnetworksrealone_playerMatch1.0

realnetworksrealone_playerMatch2.0

realnetworksrealplayerMatch10.0de

realnetworksrealplayerMatch10.0en

realnetworksrealplayerMatch10.0ja

realnetworksrealplayerMatch10.0beta

realnetworksrealplayerMatch10.5

VendorProductVersionCPE
realnetworksrealone_player1.0cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
realnetworksrealone_player2.0cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:*:*:de:*:*:*:*
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:beta:*:*:*:*:*:*
realnetworksrealplayer10.5cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
realnetworks	realone_player	1.0	cpe:2.3:a:realnetworks:realone_player:1.0:::::::*
realnetworks	realone_player	2.0	cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0:::de::::
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0:::en::::
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0:::ja::::
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0:beta::::::
realnetworks	realplayer	10.5	cpe:2.3:a:realnetworks:realplayer:10.5:::::::*

References

marc.info/?l=bugtraq&m=109707741022291&w=2

marc.info/?l=bugtraq&m=110616302008401&w=2

service.real.com/help/faq/security/040928_player/EN/

www.ngssoftware.com/advisories/real-03full.txt

exchange.xforce.ibmcloud.com/vulnerabilities/18984

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

66.0%

JSON

Related for CVE-2005-0192