7.5

CVE-2002-1015

EPSS 1.41%
Published 04.10.2002 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Realnetworks ≫ Realjukebox 2 Version1.0.2.340

Realnetworks ≫ Realjukebox 2 Version1.0.2.379

Realnetworks ≫ Realjukebox 2 Plus Version1.0.2.340

Realnetworks ≫ Realjukebox 2 Plus Version1.0.2.379

Realnetworks ≫ Realone Player Version6.0.10.505 Updategold

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.41%	0.797

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://service.real.com/help/faq/security/bufferoverrun07092002.html

http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html

http://www.iss.net/security_center/static/9539.php

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/888547

US Government Resource

http://www.securityfocus.com/bid/5210

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2002-1015

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-1015

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-1015

EUVD