What is the severity of CVE-2004-0273?

CVE-2004-0273 is considered to be of moderate severity due to its ability to allow remote file uploads.

How do I fix CVE-2004-0273?

To mitigate CVE-2004-0273, users should upgrade to the latest version of RealOne Player or RealOne Enterprise Desktop that addresses this vulnerability.

Which software is affected by CVE-2004-0273?

CVE-2004-0273 affects RealOne Player 1.0, 2.0, and various versions of RealOne Enterprise Desktop.

What type of attack does CVE-2004-0273 facilitate?

CVE-2004-0273 facilitates directory traversal attacks that allow attackers to upload arbitrary files.

Is there any workaround for CVE-2004-0273?

As a workaround for CVE-2004-0273, users should avoid opening .rjs skin files from untrusted sources.

Vulnerability/
CVE-2004-0273

critical

9.3

CWE

1/9/2004

8/8/2024

CVE-2004-0273: Path Traversal

First published: Wed Sep 01 2004(Updated: )

Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
RealNetworks RealOne Desktop Manager
RealNetworks RealOne Enterprise Desktop	=6.0.11.774
RealNetworks RealPlayer	=1.0
RealNetworks RealPlayer	=2.0
RealNetworks RealPlayer	=2.0
RealNetworks RealPlayer	=6.0.11.818
RealNetworks RealPlayer	=6.0.11.830
RealNetworks RealPlayer	=6.0.11.841
RealNetworks RealPlayer	=6.0.11.853
RealNetworks RealPlayer	=6.0.11.868

Remedy

http://service.real.com/help/faq/security/040123_player/EN/

Remedy

http://www.securityfocus.com/bid/9580

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-0273?
CVE-2004-0273 is considered to be of moderate severity due to its ability to allow remote file uploads.
How do I fix CVE-2004-0273?
To mitigate CVE-2004-0273, users should upgrade to the latest version of RealOne Player or RealOne Enterprise Desktop that addresses this vulnerability.
Which software is affected by CVE-2004-0273?
CVE-2004-0273 affects RealOne Player 1.0, 2.0, and various versions of RealOne Enterprise Desktop.
What type of attack does CVE-2004-0273 facilitate?
CVE-2004-0273 facilitates directory traversal attacks that allow attackers to upload arbitrary files.
Is there any workaround for CVE-2004-0273?
As a workaround for CVE-2004-0273, users should avoid opening .rjs skin files from untrusted sources.

agent/type
agent/remedy
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/last-modified-date
agent/author
agent/weakness
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/realnetworks
product/realone desktop manager
canonical/realnetworks realone desktop manager
product/realone player
canonical/realnetworks realone player
product/realone enterprise desktop
canonical/realnetworks realone enterprise desktop
version/realnetworks realone enterprise desktop/6.0.11.774
canonical/realnetworks realplayer
version/realnetworks realplayer/1.0
version/realnetworks realplayer/2.0
version/realnetworks realplayer/6.0.11.818
version/realnetworks realplayer/6.0.11.830
version/realnetworks realplayer/6.0.11.841
version/realnetworks realplayer/6.0.11.853
version/realnetworks realplayer/6.0.11.868

CVE-2004-0273: Path Traversal

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-0273?

How do I fix CVE-2004-0273?

Which software is affected by CVE-2004-0273?

What type of attack does CVE-2004-0273 facilitate?

Is there any workaround for CVE-2004-0273?

Company

Resources

Contact