Vulnerabilites related to realnetworks - realjukebox_2_plus
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realjukebox_2 | 1.0.2.340 | |
| realnetworks | realjukebox_2 | 1.0.2.379 | |
| realnetworks | realjukebox_2_plus | 1.0.2.340 | |
| realnetworks | realjukebox_2_plus | 1.0.2.379 | |
| realnetworks | realone_player | 6.0.10.505 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2:1.0.2.340:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8A693D-A504-4949-9947-0D7CFC8849C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2:1.0.2.379:*:*:*:*:*:*:*",
"matchCriteriaId": "3887C616-8817-414A-9FD9-B5B365420A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2_plus:1.0.2.340:*:*:*:*:*:*:*",
"matchCriteriaId": "869156EC-1587-4CAB-836F-BF6A7D556F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2_plus:1.0.2.379:*:*:*:*:*:*:*",
"matchCriteriaId": "911D7615-7AEC-4F17-AC04-E5AF35B549DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*",
"matchCriteriaId": "2BBC41FB-B9F5-47EB-97D8-3ACFC5182AAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers."
}
],
"id": "CVE-2002-1015",
"lastModified": "2024-11-20T23:40:23.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html"
},
{
"source": "cve@mitre.org",
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9539.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/888547"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9539.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/888547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5210"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realjukebox_2 | 1.0.2.340 | |
| realnetworks | realjukebox_2 | 1.0.2.379 | |
| realnetworks | realjukebox_2_plus | 1.0.2.340 | |
| realnetworks | realjukebox_2_plus | 1.0.2.379 | |
| realnetworks | realone_player | 6.0.10.505 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2:1.0.2.340:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8A693D-A504-4949-9947-0D7CFC8849C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2:1.0.2.379:*:*:*:*:*:*:*",
"matchCriteriaId": "3887C616-8817-414A-9FD9-B5B365420A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2_plus:1.0.2.340:*:*:*:*:*:*:*",
"matchCriteriaId": "869156EC-1587-4CAB-836F-BF6A7D556F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2_plus:1.0.2.379:*:*:*:*:*:*:*",
"matchCriteriaId": "911D7615-7AEC-4F17-AC04-E5AF35B549DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*",
"matchCriteriaId": "2BBC41FB-B9F5-47EB-97D8-3ACFC5182AAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image."
}
],
"id": "CVE-2002-1014",
"lastModified": "2024-11-20T23:40:23.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html"
},
{
"source": "cve@mitre.org",
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9538.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/843667"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9538.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/843667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5217"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2002-1015
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/888547 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/5210 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/9539.php | vdb-entry, x_refsource_XF | |
| http://service.real.com/help/faq/security/bufferoverrun07092002.html | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#888547",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/888547"
},
{
"name": "5210",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5210"
},
{
"name": "realplayer-rjs-file-download(9539)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9539.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"name": "20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-09-10T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#888547",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/888547"
},
{
"name": "5210",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5210"
},
{
"name": "realplayer-rjs-file-download(9539)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9539.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"name": "20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#888547",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/888547"
},
{
"name": "5210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5210"
},
{
"name": "realplayer-rjs-file-download(9539)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9539.php"
},
{
"name": "http://service.real.com/help/faq/security/bufferoverrun07092002.html",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"name": "20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1015",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-27T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1014
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/5217 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/9538.php | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/843667 | third-party-advisory, x_refsource_CERT-VN | |
| http://service.real.com/help/faq/security/bufferoverrun07092002.html | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5217"
},
{
"name": "realplayer-rjs-controlnimage-bo(9538)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9538.php"
},
{
"name": "VU#843667",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/843667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"name": "20020712 [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-09-10T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5217"
},
{
"name": "realplayer-rjs-controlnimage-bo(9538)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9538.php"
},
{
"name": "VU#843667",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/843667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"name": "20020712 [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5217"
},
{
"name": "realplayer-rjs-controlnimage-bo(9538)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9538.php"
},
{
"name": "VU#843667",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/843667"
},
{
"name": "http://service.real.com/help/faq/security/bufferoverrun07092002.html",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"name": "20020712 [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1014",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-27T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}