Vulnerabilities > CVE-2005-0192 - Unspecified vulnerability in Realnetworks Realone Player and Realplayer

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.

Nessus

NASL familyWindows
NASL idREALPLAYER_UNDISCLOSED_VULNS.NASL
descriptionAccording to its build number, the installed version of RealPlayer / RealOne Player for Windows may allow an attacker to execute arbitrary code and delete arbitrary files on the remote host.
last seen2020-06-01
modified2020-06-02
plugin id15395
published2004-10-01
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15395
titleRealPlayer Multiple Remote Vulnerabilities (2004-09-28)
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(15395);
 script_version("1.25");

 script_cve_id("CVE-2004-1481", "CVE-2005-0189", "CVE-2005-0190", "CVE-2005-0192");
 script_bugtraq_id(11307, 11308, 11309, 11335, 12311, 12315);

 script_name(english:"RealPlayer Multiple Remote Vulnerabilities (2004-09-28)");

 script_set_attribute(attribute:"synopsis", value:
"The remote Windows application is affected by multiple remote
vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"According to its build number, the installed version of RealPlayer /
RealOne Player for Windows may allow an attacker to execute arbitrary
code and delete arbitrary files on the remote host." );
 script_set_attribute(attribute:"see_also", value:"https://securitytracker.com/id?1011449" );
 script_set_attribute(attribute:"solution", value:
"Upgrade according to the vendor advisory referenced above." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/10/01");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/09/28");
 script_cvs_date("Date: 2018/11/15 20:50:28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:realnetworks:realplayer");
script_end_attributes();

 script_summary(english:"Checks RealPlayer build number");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows");
 script_dependencies("realplayer_detect.nasl");
 script_require_keys("SMB/RealPlayer/Product", "SMB/RealPlayer/Build");
 exit(0);
}


include("global_settings.inc");


# nb: RealOne Player and RealPlayer Enterprise are also affected,
#     but we don't currently know which specific build numbers
#     address the issues.
prod = get_kb_item("SMB/RealPlayer/Product");
if (!prod || prod != "RealPlayer") exit(0);


# Check build.
build = get_kb_item("SMB/RealPlayer/Build");
if (build)
{
  # There's a problem if the build is:
  #  - [6.0.12.0, 6.0.12.1053), RealPlayer 10.5
  ver = split(build, sep:'.', keep:FALSE);
  if (
    int(ver[0]) < 6 ||
    (
      int(ver[0]) == 6 &&
      int(ver[1]) == 0 &&
      (
        int(ver[2]) < 12 ||
        (int(ver[2]) == 12 && int(ver[3]) < 1053)
      )
    )
  )
  {
    if (report_verbosity)
    {
      report = string(
        "\n",
        prod, " build ", build, " is installed on the remote host.\n"
      );
      security_hole(port:get_kb_item("SMB/transport"), extra:report);
    }
    else security_hole(get_kb_item("SMB/transport"));
  }
}