Vulnerability Name: | CVE-2002-1015 (CCN-9539)
Assigned: | 2002-07-12
Published: | 2002-07-12
Updated: | 2008-09-05
Summary: | RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allow remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: |
Source: BUGTRAQ Type: UNKNOWN 20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability
Source: CCN Type: SPS Advisory #47 RealONE Player Gold / RealJukebox2 skin file download vulnerability
Source: MITRE Type: CNA CVE-2002-1015
Source: CCN Type: RealNetworks Web site RealNetworks Support: Buffer Overrun Exploit
Source: CONFIRM Type: UNKNOWN http://service.real.com/help/faq/security/bufferoverrun07092002.html
Source: XF Type: Patch, Vendor Advisory realplayer-rjs-file-download(9539)
Source: CCN Type: US-CERT VU#888547 Real Networks RealONE Player vulnerable to arbitrary command execution via crafted html in the skin file
Source: CERT-VN Type: US Government Resource VU#888547
Source: CCN Type: OSVDB ID: 5037 RealJukebox/RealOne RJS Archive skin.ini Arbitrary Script Execution
Source: BID Type: Patch, Vendor Advisory 5210
Source: CCN Type: BID-5210 Real Networks RealJukebox Predictable File Extraction Vulnerability
Source: XF Type: UNKNOWN realplayer-rjs-file-download(9539)
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable