Back to search
CVE-2002-1015
Published: Apr 2, 2003
Modified: Aug 8, 2024
PUBLISHED
Description
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
VU#888547
third-party-advisory
x_refsource_CERT-VN
5210
vdb-entry
x_refsource_BID
realplayer-rjs-file-download(9539)
vdb-entry
x_refsource_XF
http://service.real.com/help/faq/security/bufferoverrun07092002.html
x_refsource_CONFIRM
20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now