CVE-2002-1014

RealJukebox 2 and RealOne Player - Buffer Overflow via RFS Skin File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1014. PoCs published by UNYUN.

AI-analyzed exploit summary This exploit leverages a buffer overflow in RealJukebox2 via a maliciously crafted 'skin.ini' file. It overwrites the return address to execute arbitrary code, specifically targeting Windows 2000 Professional SP2.

Description

Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.

Exploits (1)

exploitdb WORKING POC VERIFIED

by UNYUN · cremotewindows

https://www.exploit-db.com/exploits/21615

View Code ZIP pw:eip

This exploit leverages a buffer overflow in RealJukebox2 via a maliciously crafted 'skin.ini' file. It overwrites the return address to execute arbitrary code, specifically targeting Windows 2000 Professional SP2.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: RealJukebox2 1.0.2.379

No auth needed

Prerequisites: Victim must open the malicious 'skin.ini' file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5217

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9538.php

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/843667

Various Sources x_refsource_confirm

http://service.real.com/help/faq/security/bufferoverrun07092002.html

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html

Scores

EPSS 0.0810

EPSS Percentile 94.1%

Details

Status published

Products (5)

realnetworks/realjukebox_2 1.0.2.340

realnetworks/realjukebox_2 1.0.2.379

realnetworks/realjukebox_2_plus 1.0.2.340

realnetworks/realjukebox_2_plus 1.0.2.379

realnetworks/realone_player 6.0.10.505 gold

Published Oct 04, 2002

Tracked Since Feb 18, 2026