CVE-2005-0190
Summary
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
- HIGH
- NETWORK
- NONE
- PARTIAL
- NONE
- NONE
References
Advisory Timeline
- Published