PT-2004-1427 · Real · Realone Enterprise Desktop+1

Publicado

2004-09-01

Atualizado

2017-10-10

CVE-2004-0273

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RealOne Player versions 2.0 and earlier RealOne Enterprise Desktop versions 2.0 and earlier

Description A directory traversal issue exists, allowing remote attackers to upload arbitrary files. This is achieved by using an RMP file that contains .. (dot dot) sequences in a .rjs skin file.

Recommendations For RealOne Player version 2.0 and earlier, update to a version that fixes this issue. For RealOne Enterprise Desktop version 2.0 and earlier, update to a version that fixes this issue. As a temporary workaround, consider restricting access to .rjs skin files and RMP files to minimize the risk of exploitation.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2004-0273

Produtos afetados

Realone Enterprise Desktop

Realone Player

PT-2004-1427 · Real · Realone Enterprise Desktop+1

CVE-2004-0273

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6