2.6

CVE-2005-0190

Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RealnetworksRealone Player Version1.0
RealnetworksRealone Player Version2.0
RealnetworksRealplayer Version10.0 Langen
RealnetworksRealplayer Version10.0 Langja
RealnetworksRealplayer Version10.0 Editionde
RealnetworksRealplayer Version10.0_6.0.12.690
RealnetworksRealplayer Version10.0_beta
RealnetworksRealplayer Version10.5
RealnetworksRealplayer Version10.5_6.0.12.1016_beta
RealnetworksRealplayer Version10.5_6.0.12.1040
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.05% 0.893
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=109707741022291&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=110616160228843&w=2
Third Party Advisory
http://secunia.com/advisories/12672/
Patch
Vendor Advisory
http://service.real.com/help/faq/security/040928_player/EN/
Patch
Vendor Advisory
http://www.ngssoftware.com/advisories/real-02full.txt
Patch
Vendor Advisory
http://www.securityfocus.com/bid/11308
Patch
Third Party Advisory
Vendor Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/17551
Third Party Advisory
VDB Entry