CVE-2005-0192
RealPlayer 10.5 (6.0.12.1040) and earlier - Directory Traversal via Skin File Name Parsing
Title source: llmDescription
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
References (5)
Core 5
Core References
Broken Link x_refsource_misc
http://www.ngssoftware.com/advisories/real-03full.txt
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110616302008401&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18984
Vendor Advisory x_refsource_misc
http://service.real.com/help/faq/security/040928_player/EN/
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109707741022291&w=2
Scores
EPSS
0.0235
EPSS Percentile
85.1%
Details
Status
published
Products (4)
realnetworks/realone_player
1.0
realnetworks/realone_player
2.0
realnetworks/realplayer
10.0 (4 CPE variants)
realnetworks/realplayer
10.5
Published
Oct 06, 2004
Tracked Since
Feb 18, 2026