CVE-2005-0190 | Vulnerability Database | Aqua Security

Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.

Affected Software

Name	Vendor	Start Version	End Version
Realone_player	Realnetworks	1.0 (including)	1.0 (including)
Realone_player	Realnetworks	2.0 (including)	2.0 (including)
Realplayer	Realnetworks	10.0 (including)	10.0 (including)
Realplayer	Realnetworks	10.0_6.0.12.690 (including)	10.0_6.0.12.690 (including)
Realplayer	Realnetworks	10.0_beta (including)	10.0_beta (including)
Realplayer	Realnetworks	10.5 (including)	10.5 (including)
Realplayer	Realnetworks	10.5_6.0.12.1016_beta (including)	10.5_6.0.12.1016_beta (including)
Realplayer	Realnetworks	10.5_6.0.12.1040 (including)	10.5_6.0.12.1040 (including)

References

http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2
http://marc.info/?l=bugtraq\u0026m=110616160228843\u0026w=2
http://secunia.com/advisories/12672/
http://service.real.com/help/faq/security/040928_player/EN/
http://www.ngssoftware.com/advisories/real-02full.txt
http://www.securityfocus.com/bid/11308
https://exchange.xforce.ibmcloud.com/vulnerabilities/17551
http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2
http://marc.info/?l=bugtraq\u0026m=110616160228843\u0026w=2
http://secunia.com/advisories/12672/
http://service.real.com/help/faq/security/040928_player/EN/
http://www.ngssoftware.com/advisories/real-02full.txt
http://www.securityfocus.com/bid/11308
https://exchange.xforce.ibmcloud.com/vulnerabilities/17551

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-0190
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html