Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!
Directory traversal in RealPlayer allows code execution
RealPlayer is a popular multimedia player developed by RealNetworks.
One of its features are RMP files, RealJukebox Metadata Packages. These
are XML formatted files which may contain e.g. playlists, references
to skin files (*.rjs), and information about related web pages.
A directory traversal vulnerability exists in the player allowing
an attacker to craft an RMP file which may upload files to arbitrary
locations on the victim system. This leads to arbitrary code execution
with the currently logged in user's privileges.
RMP files are opened without confirmation if a web page uses e.g.
carry out the attack without further user interaction when the victim
visits such web page.
The RMP file may contain references to a number of files as
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH