Vulnerability CVE-2004-0273


Published: 2004-11-23   Modified: 2012-02-12

Description:
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Realnetworks -> Realone desktop manager 
Realnetworks -> Realone enterprise desktop 
Realnetworks -> Realone player 

 References:
http://marc.info/?l=bugtraq&m=107642978524321&w=2
http://service.real.com/help/faq/security/040123_player/EN/
http://www.kb.cert.org/vuls/id/514734
http://www.securityfocus.com/bid/9580
http://xforce.iss.net/xforce/xfdb/15123

Copyright 2024, cxsecurity.com

 

Back to Top