CVE-2004-0273

RealOne Player and RealOne Enterprise Desktop - Path Traversal via RMP Skin File

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.

References (5)

Core 5
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/514734
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15123
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107642978524321&w=2
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9580
Patch, Vendor Advisory x_refsource_confirm
http://service.real.com/help/faq/security/040123_player/EN/

Scores

EPSS 0.0045
EPSS Percentile 63.9%

Details

CWE
CWE-22
Status published
Products (9)
realnetworks/realone_desktop_manager
realnetworks/realone_enterprise_desktop 6.0.11.774
realnetworks/realone_player 1.0
realnetworks/realone_player 2.0 (2 CPE variants)
realnetworks/realone_player 6.0.11.818
realnetworks/realone_player 6.0.11.830
realnetworks/realone_player 6.0.11.841
realnetworks/realone_player 6.0.11.853
realnetworks/realone_player 6.0.11.868
Published Nov 23, 2004
Tracked Since Feb 18, 2026