CVE-2002-1014

Realnetworks Realjukebox 2 - Buffer Overflow

Title source: rule

Description

Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.

Exploits (1)

exploitdb WORKING POC VERIFIED

by UNYUN · cremotewindows

https://www.exploit-db.com/exploits/21615

View Code ZIP pw:eip

References (5)

[Patch, Vendor Advisory] http://www.securityfocus.com/bid/5217

[Vendor Advisory] http://www.iss.net/security_center/static/9538.php

[US Government Resource] http://www.kb.cert.org/vuls/id/843667

[Various Sources] http://service.real.com/help/faq/security/bufferoverrun07092002.html

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html

Scores

EPSS 0.1702

EPSS Percentile 95.0%

Details

Status published

Products (5)

realnetworks/realjukebox_2 1.0.2.340

realnetworks/realjukebox_2 1.0.2.379

realnetworks/realjukebox_2_plus 1.0.2.340

realnetworks/realjukebox_2_plus 1.0.2.379

realnetworks/realone_player 6.0.10.505 gold

Published Oct 04, 2002

Tracked Since Feb 18, 2026