Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for realone_desktop_manager by realnetworks

    CVE-2004-0273 (GCVE-0-2004-0273)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/514734 third-party-advisoryx_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=107642978524321&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/9580 vdb-entryx_refsource_BID
    http://service.real.com/help/faq/security/040123_… x_refsource_CONFIRM
    Date Public
    2004-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#514734",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/514734"
              },
              {
                "name": "realoneplayer-rmp-directory-traversal(15123)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
              },
              {
                "name": "20040210 Directory traversal in RealPlayer allows code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
              },
              {
                "name": "9580",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9580"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.real.com/help/faq/security/040123_player/EN/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-08-13T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#514734",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/514734"
            },
            {
              "name": "realoneplayer-rmp-directory-traversal(15123)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
            },
            {
              "name": "20040210 Directory traversal in RealPlayer allows code execution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
            },
            {
              "name": "9580",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9580"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.real.com/help/faq/security/040123_player/EN/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0273",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#514734",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/514734"
                },
                {
                  "name": "realoneplayer-rmp-directory-traversal(15123)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
                },
                {
                  "name": "20040210 Directory traversal in RealPlayer allows code execution",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
                },
                {
                  "name": "9580",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9580"
                },
                {
                  "name": "http://service.real.com/help/faq/security/040123_player/EN/",
                  "refsource": "CONFIRM",
                  "url": "http://service.real.com/help/faq/security/040123_player/EN/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0273",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2004-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0258 (GCVE-0-2004-0258)

    Vulnerability from nvd – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.nextgenss.com/advisories/realone.txt x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.ciac.org/ciac/bulletins/o-075.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-listx_refsource_VULNWATCH
    http://www.kb.cert.org/vuls/id/473814 third-party-advisoryx_refsource_CERT-VN
    http://www.service.real.com/help/faq/security/040… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/9579 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=107608748813559&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2004-02-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nextgenss.com/advisories/realone.txt"
              },
              {
                "name": "realoneplayer-multiple-file-bo(15040)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
              },
              {
                "name": "O-075",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
              },
              {
                "name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
              },
              {
                "name": "VU#473814",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/473814"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
              },
              {
                "name": "9579",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9579"
              },
              {
                "name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-02-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nextgenss.com/advisories/realone.txt"
            },
            {
              "name": "realoneplayer-multiple-file-bo(15040)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
            },
            {
              "name": "O-075",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
            },
            {
              "name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
            },
            {
              "name": "VU#473814",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/473814"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
            },
            {
              "name": "9579",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9579"
            },
            {
              "name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0258",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.nextgenss.com/advisories/realone.txt",
                  "refsource": "MISC",
                  "url": "http://www.nextgenss.com/advisories/realone.txt"
                },
                {
                  "name": "realoneplayer-multiple-file-bo(15040)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
                },
                {
                  "name": "O-075",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
                },
                {
                  "name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
                },
                {
                  "name": "VU#473814",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/473814"
                },
                {
                  "name": "http://www.service.real.com/help/faq/security/040123_player/EN/",
                  "refsource": "CONFIRM",
                  "url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
                },
                {
                  "name": "9579",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9579"
                },
                {
                  "name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0258",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0726 (GCVE-0-2003-0726)

    Vulnerability from nvd – Published: 2003-09-03 04:00 – Updated: 2024-08-08 02:05
    VLAI
    Summary
    RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2003-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:05:12.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "8453",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/8453"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
              },
              {
                "name": "realone-smil-execute-code(13028)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
              },
              {
                "name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/335293"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
              },
              {
                "name": "1007532",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1007532"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "8453",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/8453"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
            },
            {
              "name": "realone-smil-execute-code(13028)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
            },
            {
              "name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/335293"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
            },
            {
              "name": "1007532",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1007532"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0726",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "8453",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/8453"
                },
                {
                  "name": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html",
                  "refsource": "MISC",
                  "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
                },
                {
                  "name": "realone-smil-execute-code(13028)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
                },
                {
                  "name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/335293"
                },
                {
                  "name": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
                },
                {
                  "name": "1007532",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1007532"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0726",
        "datePublished": "2003-09-03T04:00:00.000Z",
        "dateReserved": "2003-09-02T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:05:12.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0273 (GCVE-0-2004-0273)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/514734 third-party-advisoryx_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=107642978524321&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/9580 vdb-entryx_refsource_BID
    http://service.real.com/help/faq/security/040123_… x_refsource_CONFIRM
    Date Public
    2004-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#514734",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/514734"
              },
              {
                "name": "realoneplayer-rmp-directory-traversal(15123)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
              },
              {
                "name": "20040210 Directory traversal in RealPlayer allows code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
              },
              {
                "name": "9580",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9580"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.real.com/help/faq/security/040123_player/EN/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-08-13T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#514734",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/514734"
            },
            {
              "name": "realoneplayer-rmp-directory-traversal(15123)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
            },
            {
              "name": "20040210 Directory traversal in RealPlayer allows code execution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
            },
            {
              "name": "9580",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9580"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.real.com/help/faq/security/040123_player/EN/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0273",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#514734",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/514734"
                },
                {
                  "name": "realoneplayer-rmp-directory-traversal(15123)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
                },
                {
                  "name": "20040210 Directory traversal in RealPlayer allows code execution",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
                },
                {
                  "name": "9580",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9580"
                },
                {
                  "name": "http://service.real.com/help/faq/security/040123_player/EN/",
                  "refsource": "CONFIRM",
                  "url": "http://service.real.com/help/faq/security/040123_player/EN/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0273",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2004-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0258 (GCVE-0-2004-0258)

    Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.nextgenss.com/advisories/realone.txt x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.ciac.org/ciac/bulletins/o-075.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-listx_refsource_VULNWATCH
    http://www.kb.cert.org/vuls/id/473814 third-party-advisoryx_refsource_CERT-VN
    http://www.service.real.com/help/faq/security/040… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/9579 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=107608748813559&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2004-02-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nextgenss.com/advisories/realone.txt"
              },
              {
                "name": "realoneplayer-multiple-file-bo(15040)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
              },
              {
                "name": "O-075",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
              },
              {
                "name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
              },
              {
                "name": "VU#473814",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/473814"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
              },
              {
                "name": "9579",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9579"
              },
              {
                "name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-02-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nextgenss.com/advisories/realone.txt"
            },
            {
              "name": "realoneplayer-multiple-file-bo(15040)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
            },
            {
              "name": "O-075",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
            },
            {
              "name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
            },
            {
              "name": "VU#473814",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/473814"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
            },
            {
              "name": "9579",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9579"
            },
            {
              "name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0258",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.nextgenss.com/advisories/realone.txt",
                  "refsource": "MISC",
                  "url": "http://www.nextgenss.com/advisories/realone.txt"
                },
                {
                  "name": "realoneplayer-multiple-file-bo(15040)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
                },
                {
                  "name": "O-075",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
                },
                {
                  "name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
                },
                {
                  "name": "VU#473814",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/473814"
                },
                {
                  "name": "http://www.service.real.com/help/faq/security/040123_player/EN/",
                  "refsource": "CONFIRM",
                  "url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
                },
                {
                  "name": "9579",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9579"
                },
                {
                  "name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0258",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-03-17T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0726 (GCVE-0-2003-0726)

    Vulnerability from cvelistv5 – Published: 2003-09-03 04:00 – Updated: 2024-08-08 02:05
    VLAI
    Summary
    RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2003-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:05:12.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "8453",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/8453"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
              },
              {
                "name": "realone-smil-execute-code(13028)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
              },
              {
                "name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/335293"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
              },
              {
                "name": "1007532",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1007532"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "8453",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/8453"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
            },
            {
              "name": "realone-smil-execute-code(13028)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
            },
            {
              "name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/335293"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
            },
            {
              "name": "1007532",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1007532"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0726",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "8453",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/8453"
                },
                {
                  "name": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html",
                  "refsource": "MISC",
                  "url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
                },
                {
                  "name": "realone-smil-execute-code(13028)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
                },
                {
                  "name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/335293"
                },
                {
                  "name": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
                },
                {
                  "name": "1007532",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1007532"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0726",
        "datePublished": "2003-09-03T04:00:00.000Z",
        "dateReserved": "2003-09-02T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:05:12.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }