← CVECheck
HomeVulnerabilities

CVE-2005-0190 — LOW severity vulnerability (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12)

Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which

CVE IDCVE-2005-0190
SeverityLOW
CVSS score2.6
CVSS vectorAV:N/AC:H/Au:N/C:N/I:P/A:N
CWENVD-CWE-Other
StatusModified
Published2004-09-29
Last modified2026-04-16
DescriptionDirectory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →