Unrated severityNVD Advisory· Published Sep 29, 2004· Updated Jun 16, 2026
CVE-2005-0190
CVE-2005-0190
Description
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.0:*:de:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*
- (no CPE)range: <=10.5 (6.0.12.1040)
Patches
Vulnerability mechanics
References
7- secunia.com/advisories/12672/nvdPatchVendor Advisory
- service.real.com/help/faq/security/040928_player/EN/nvdPatchVendor Advisory
- www.ngssoftware.com/advisories/real-02full.txtnvdPatchVendor Advisory
- www.securityfocus.com/bid/11308nvdPatchThird Party AdvisoryVDB EntryVendor Advisory
- marc.infonvdThird Party Advisory
- marc.infonvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/17551nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.