VYPR
Unrated severityNVD Advisory· Published Sep 29, 2004· Updated Jun 16, 2026

CVE-2005-0190

CVE-2005-0190

Description

Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.0:*:de:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*
    • (no CPE)range: <=10.5 (6.0.12.1040)

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.