CVE-2002-1015
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2002-08-27 CVE Reserved
- 2002-10-04 CVE Published
- 2024-01-29 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html | Mailing List | |
| http://service.real.com/help/faq/security/bufferoverrun07092002.html | X_refsource_confirm | |
| http://www.kb.cert.org/vuls/id/888547 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.iss.net/security_center/static/9539.php | 2008-09-05 | |
| http://www.securityfocus.com/bid/5210 | 2008-09-05 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Realnetworks Search vendor "Realnetworks" | Realjukebox 2 Search vendor "Realnetworks" for product "Realjukebox 2" | 1.0.2.340 Search vendor "Realnetworks" for product "Realjukebox 2" and version "1.0.2.340" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realjukebox 2 Search vendor "Realnetworks" for product "Realjukebox 2" | 1.0.2.379 Search vendor "Realnetworks" for product "Realjukebox 2" and version "1.0.2.379" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realjukebox 2 Plus Search vendor "Realnetworks" for product "Realjukebox 2 Plus" | 1.0.2.340 Search vendor "Realnetworks" for product "Realjukebox 2 Plus" and version "1.0.2.340" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realjukebox 2 Plus Search vendor "Realnetworks" for product "Realjukebox 2 Plus" | 1.0.2.379 Search vendor "Realnetworks" for product "Realjukebox 2 Plus" and version "1.0.2.379" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realone Player Search vendor "Realnetworks" for product "Realone Player" | 6.0.10.505 Search vendor "Realnetworks" for product "Realone Player" and version "6.0.10.505" | gold |
Affected
| ||||||