CVE-2002-1015

RealJukebox 2 <1.0.2.340-1.0.2.379 - RCE

Title source: llm

Description

RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.

References (5)

Core 5

Core References

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/888547

Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5210

Patch, Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9539.php

Various Sources x_refsource_confirm

http://service.real.com/help/faq/security/bufferoverrun07092002.html

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html

Scores

EPSS 0.0141

EPSS Percentile 80.8%

Details

Status published

Products (5)

realnetworks/realjukebox_2 1.0.2.340

realnetworks/realjukebox_2 1.0.2.379

realnetworks/realjukebox_2_plus 1.0.2.340

realnetworks/realjukebox_2_plus 1.0.2.379

realnetworks/realone_player 6.0.10.505 gold

Published Oct 04, 2002

Tracked Since Feb 18, 2026