PT-2002-2020 · Real · Realjukebox 2+1

Published: 2002-10-04 · Updated: 2008-09-05 · CVE-2002-1014

CVSS v2.0: 7.5 (High) · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: RealJukebox 2 version 1.0.2.340; RealJukebox 2 version 1.0.2.379; RealOne Player Gold version 6.0.10.505
Description: The issue allows remote attackers to execute arbitrary code via an RFS skin file. This is achieved by including a long value in a CONTROLnImage argument, such as CONTROL1Image, within the skin.ini file of the RFS skin file.
Recommendations: For RealJukebox 2 version 1.0.2.340, consider disabling the processing of RFS skin files until a patch is available. For RealJukebox 2 version 1.0.2.379, restrict access to RFS skin files to minimize the risk of exploitation. For RealOne Player Gold version 6.0.10.505, avoid using the CONTROLnImage argument in the skin.ini file of RFS skin files until the issue is resolved.
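
As a defensive complement to the recommendations above, the following added example (not part of the original advisory or any vendor tooling) flags over-long CONTROLnImage values in a skin.ini before the skin is opened. It assumes skin.ini uses plain `Key=Value` lines; the 260-character threshold, the function name and the sample content are assumptions chosen for illustration.

```python
import re

# Assumption: 260 (Windows MAX_PATH) is a reasonable upper bound for an image
# file name; the advisory does not state the length that triggers the issue.
MAX_VALUE_LEN = 260

# Matches CONTROL1Image, CONTROL2Image, ... in any letter case.
CONTROL_IMAGE = re.compile(r"^\s*(CONTROL\d+Image)\s*=\s*(.*?)\s*$", re.IGNORECASE)


def find_oversized_control_images(ini_bytes, max_len=MAX_VALUE_LEN):
    """Return (line_number, key, value_length) for every CONTROLnImage
    entry in skin.ini whose value is longer than max_len."""
    # latin-1 maps every byte to one character, so untrusted binary
    # content never raises a decode error and lengths equal byte counts.
    text = ini_bytes.decode("latin-1")
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = CONTROL_IMAGE.match(line)
        if match and len(match.group(2)) > max_len:
            findings.append((lineno, match.group(1), len(match.group(2))))
    return findings


# Constructed sample skin.ini (section name and file names are made up).
SAMPLE = (
    b"[Skin]\r\n"
    b"CONTROL1Image=play.bmp\r\n"
    b"CONTROL2Image=" + b"A" * 1024 + b".bmp\r\n"
    b"control3image = stop.bmp\r\n"
)

if __name__ == "__main__":
    for lineno, key, length in find_oversized_control_images(SAMPLE):
        print(f"skin.ini line {lineno}: {key} value is {length} characters")
```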


Related identifiers

CVE-2002-1014

Affected products

Realjukebox 2
Realone Player Gold