Vulnerability Description
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realnetworks | Realone Desktop Manager | All versions |
| Realnetworks | Realone Enterprise Desktop | 6.0.11.774 |
| Realnetworks | Realone Player | 1.0 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=107642978524321&w=2
- http://service.real.com/help/faq/security/040123_player/EN/PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/514734US Government Resource
- http://www.securityfocus.com/bid/9580PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15123
- http://marc.info/?l=bugtraq&m=107642978524321&w=2
- http://service.real.com/help/faq/security/040123_player/EN/PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/514734US Government Resource
- http://www.securityfocus.com/bid/9580PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15123
FAQ
What is CVE-2004-0273?
CVE-2004-0273 is a vulnerability with a CVSS score of 9.3 (HIGH). Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) seq...
How severe is CVE-2004-0273?
CVE-2004-0273 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0273?
Check the references section above for vendor advisories and patch information. Affected products include: Realnetworks Realone Desktop Manager, Realnetworks Realone Enterprise Desktop, Realnetworks Realone Player.