HTTP: RealPlayer .RMP File Directory Traversal
This signature detects a malicious .RMP (RealJukebox Metadata Package) file downloaded through HTTP. Attackers can include a directory traversal exploit within a maliciously crafted .RMP to download malicious files to a target and execute them. RealOne Player, RealOne Player v2, RealOne Enterprise Desktop, and RealPlayer Enterprise are all affected.
Extended Description
RealPlayer/RealOne Players have been reported prone to a directory traversal vulnerability. The issue occurs within the RMP file processing routines of affected versions of the player.
Affected Products
Real_networks realone_player
References
BugTraq: 9580
CVE: CVE-2004-0273
URL: http://www.securityfocus.com/archive/1/352780 http://www.juniper.net/security/auto/vulnerabilities/vuln1135.html
Short Name
HTTP:MISC:REAL-RMP-TRAV
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
.RMP CVE-2004-0273 Directory File RealPlayer Traversal bid:9580
Release Date
09/22/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Real_networks
CVSS Score
9.3