CVE-2002-1015

Опубликовано: 04 окт. 2002

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html
http://service.real.com/help/faq/security/bufferoverrun07092002.html
http://www.iss.net/security_center/static/9539.php
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/888547
US Government Resource
http://www.securityfocus.com/bid/5210
Patch
Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html
http://service.real.com/help/faq/security/bufferoverrun07092002.html
http://www.iss.net/security_center/static/9539.php
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/888547
US Government Resource
http://www.securityfocus.com/bid/5210
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:realnetworks:realjukebox_2:1.0.2.340:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realjukebox_2:1.0.2.379:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realjukebox_2_plus:1.0.2.340:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realjukebox_2_plus:1.0.2.379:*:*:*:*:*:*:*

cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01411

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-8xrg-9hqx-73c9

github

больше 3 лет назад