关于 CVE-2005-0190 的漏洞信息

1. 漏洞描述
From NVD
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
From 神龙GPT (AIGC)
RealPlayer 10.5(6.0.12.1040)和更早版本中的目录穿越漏洞允许远程攻击者通过一个包含以?结尾的filename tag和允许的文件扩展名(例如.mp3)的Real Metadata Packages(RMP)文件删除任意文件,这绕过了文件扩展名检查。
2. 漏洞评分(CVSS)
From NVD
NVD 暂无评分
From 神龙GPT (AIGC)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
3. 漏洞类别
From NVD
NVD 暂无漏洞类别信息
From 神龙GPT (AIGC)
神龙GPT 暂无漏洞类别信息(请耐心等待)
Reference