RSS   Vulnerabilities for 'Realjukebox 2 plus'   RSS

2002-10-04
 
CVE-2002-1015

 

 
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.

 
 
CVE-2002-1014

 

 
Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.

 

 >>> Vendor: Realnetworks 26 Products
Realserver g2
Realserver
Realsystem g2 server
Realplayer
Realone player
Realplayer intranet
Realjukebox 2
Realjukebox 2 plus
Helix universal server
Realone enterprise desktop
Realone desktop manager
Realsystem proxy
Realsystem server
Helix universal mobile server
Helix universal mobile server and gateway
Helix player
Realarcade
Rhapsody
Helix dna server
Helix mobile server
Helix server
Realplayer enterprise
Gamehouse
Helix server mobile
Realplayer sp
Realarcade installer


Copyright 2024, cxsecurity.com

 

Back to Top