Vulnerabilites related to realnetworks - realone_desktop_manager
cve-2004-0258
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.nextgenss.com/advisories/realone.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15040 | vdb-entry, x_refsource_XF | |
| http://www.ciac.org/ciac/bulletins/o-075.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.kb.cert.org/vuls/id/473814 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.service.real.com/help/faq/security/040123_player/EN/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/9579 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=107608748813559&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"name": "realoneplayer-multiple-file-bo(15040)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
},
{
"name": "O-075",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"name": "VU#473814",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"name": "9579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9579"
},
{
"name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"name": "realoneplayer-multiple-file-bo(15040)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
},
{
"name": "O-075",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"name": "VU#473814",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"name": "9579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9579"
},
{
"name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nextgenss.com/advisories/realone.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"name": "realoneplayer-multiple-file-bo(15040)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
},
{
"name": "O-075",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"name": "VU#473814",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"name": "http://www.service.real.com/help/faq/security/040123_player/EN/",
"refsource": "CONFIRM",
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"name": "9579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9579"
},
{
"name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0258",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0273
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/514734 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15123 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=107642978524321&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/9580 | vdb-entry, x_refsource_BID | |
| http://service.real.com/help/faq/security/040123_player/EN/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#514734",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"name": "realoneplayer-rmp-directory-traversal(15123)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
},
{
"name": "20040210 Directory traversal in RealPlayer allows code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"name": "9580",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9580"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#514734",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"name": "realoneplayer-rmp-directory-traversal(15123)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
},
{
"name": "20040210 Directory traversal in RealPlayer allows code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"name": "9580",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9580"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#514734",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"name": "realoneplayer-rmp-directory-traversal(15123)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
},
{
"name": "20040210 Directory traversal in RealPlayer allows code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"name": "9580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9580"
},
{
"name": "http://service.real.com/help/faq/security/040123_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0273",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0726
Vulnerability from cvelistv5
Published
2003-09-03 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/8453 | vdb-entry, x_refsource_BID | |
| http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13028 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/335293 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.service.real.com/help/faq/security/securityupdate_august2003.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1007532 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8453"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"name": "realone-smil-execute-code(13028)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
},
{
"name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"name": "1007532",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007532"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8453"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"name": "realone-smil-execute-code(13028)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
},
{
"name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"name": "1007532",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007532"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8453"
},
{
"name": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html",
"refsource": "MISC",
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"name": "realone-smil-execute-code(13028)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
},
{
"name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"name": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html",
"refsource": "CONFIRM",
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"name": "1007532",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007532"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0726",
"datePublished": "2003-09-03T04:00:00",
"dateReserved": "2003-09-02T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2024-11-20 23:48
Severity ?
Summary
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_desktop_manager | * | |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 | |
| realnetworks | realone_player | 6.0.11.868 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9200BD8-6D2F-49D4-B85B-C17D2C0F400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:win:*:*:*:*:*",
"matchCriteriaId": "B49F1421-2C52-4B67-BE04-A62E553E1819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*",
"matchCriteriaId": "3908DB26-D8C4-4368-A1B6-C067085CE4B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
},
{
"lang": "es",
"value": "Vulnerabilidad de atravesamiento de directorios en RealOne Player, RealOne Player 2.0, y RealOne Enterprise Desktop permite a atacantes remotos subir ficheros arbitrarios mediante un fichero RMP que contenga secuencias .. (punto punto) en fichero de piel .rjs."
}
],
"id": "CVE-2004-0273",
"lastModified": "2024-11-20T23:48:10.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9580"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2024-11-20 23:48
Severity ?
Summary
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_desktop_manager | * | |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 | |
| realnetworks | realone_player | 6.0.11.868 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0_beta |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9200BD8-6D2F-49D4-B85B-C17D2C0F400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:win:*:*:*:*:*",
"matchCriteriaId": "B49F1421-2C52-4B67-BE04-A62E553E1819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*",
"matchCriteriaId": "3908DB26-D8C4-4368-A1B6-C067085CE4B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "971CE8B9-8A57-4849-9461-E4E79D1AB6F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:unix:*:*:*:*:*",
"matchCriteriaId": "96180A27-295D-4C5E-9ED1-8D4F77C72183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*",
"matchCriteriaId": "003D7E29-9970-4984-9756-C070E15B7979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDC43D9-C93E-4FB4-B05B-9FB519B03DCA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, y RealPlayer Enterprise permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante ficheros 1) .RP, (2) .RT, (3) .RAM, (4) .RPM o (5) .SMIL malformados."
}
],
"id": "CVE-2004-0258",
"lastModified": "2024-11-20T23:48:07.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9579"
},
{
"source": "cve@mitre.org",
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-10-20 04:00
Modified
2024-11-20 23:45
Severity ?
Summary
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_desktop_manager | * | |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.10.505 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9200BD8-6D2F-49D4-B85B-C17D2C0F400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*",
"matchCriteriaId": "2BBC41FB-B9F5-47EB-97D8-3ACFC5182AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
}
],
"id": "CVE-2003-0726",
"lastModified": "2024-11-20T23:45:23.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2003-10-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1007532"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8453"
},
{
"source": "cve@mitre.org",
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1007532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}