CVE-2002-1015
published 2002-10-04CVE-2002-1015: RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by…
PriorityP422high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.04%
78.8th percentile
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | realjukebox_2 | — | — |
| realnetworks | realjukebox_2 | — | — |
| realnetworks | realjukebox_2_plus | — | — |
| realnetworks | realjukebox_2_plus | — | — |
| realnetworks | realone_player | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.htmlhttp://service.real.com/help/faq/security/bufferoverrun07092002.htmlhttp://www.iss.net/security_center/static/9539.phphttp://www.kb.cert.org/vuls/id/888547http://www.securityfocus.com/bid/5210http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.htmlhttp://service.real.com/help/faq/security/bufferoverrun07092002.htmlhttp://www.iss.net/security_center/static/9539.phphttp://www.kb.cert.org/vuls/id/888547http://www.securityfocus.com/bid/5210
2002-10-04
Published