PT-2004-1427 · Real · Realone Enterprise Desktop, Realone Player
Published: 2004-09-01 · Updated: 2017-10-10
CVE-2004-0273
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
RealOne Player versions 2.0 and earlier
RealOne Enterprise Desktop versions 2.0 and earlier
Description
A directory traversal issue exists, allowing remote attackers to upload arbitrary files. This is achieved by using an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
Recommendations
For RealOne Player version 2.0 and earlier, update to a version that fixes this issue.
For RealOne Enterprise Desktop version 2.0 and earlier, update to a version that fixes this issue.
As a temporary workaround, consider restricting access to .rjs skin files and RMP files to minimize the risk of exploitation.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Realone Enterprise Desktop
Realone Player