FKIE_CVE-2004-0273

Vulnerability from fkie_nvd - Published: 2004-11-23 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107642978524321&w=2
cve@mitre.orghttp://service.real.com/help/faq/security/040123_player/EN/Patch, Vendor Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/514734US Government Resource
cve@mitre.orghttp://www.securityfocus.com/bid/9580Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/15123
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107642978524321&w=2
af854a3a-2127-422b-91ae-364da2661108http://service.real.com/help/faq/security/040123_player/EN/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/514734US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/9580Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/15123
Impacted products
Vendor Product Version
realnetworks realone_desktop_manager *
realnetworks realone_enterprise_desktop 6.0.11.774
realnetworks realone_player 1.0
realnetworks realone_player 2.0
realnetworks realone_player 2.0
realnetworks realone_player 6.0.11.818
realnetworks realone_player 6.0.11.830
realnetworks realone_player 6.0.11.841
realnetworks realone_player 6.0.11.853
realnetworks realone_player 6.0.11.868
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9200BD8-6D2F-49D4-B85B-C17D2C0F400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
              "matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:win:*:*:*:*:*",
              "matchCriteriaId": "B49F1421-2C52-4B67-BE04-A62E553E1819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
              "matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*",
              "matchCriteriaId": "3908DB26-D8C4-4368-A1B6-C067085CE4B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de atravesamiento de directorios en  RealOne Player, RealOne Player 2.0, y  RealOne Enterprise Desktop permite a atacantes remotos subir ficheros arbitrarios mediante un fichero RMP que contenga secuencias .. (punto punto) en fichero de piel .rjs."
    }
  ],
  "id": "CVE-2004-0273",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2004-11-23T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/help/faq/security/040123_player/EN/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/514734"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9580"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/help/faq/security/040123_player/EN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/514734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.