PT-2002-2021 · Microsoft+1 · Internet Explorer+2

Published: 2002-10-04 · Updated: 2008-09-05 · CVE-2002-1015

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: RealJukebox 2 versions 1.0.2.340 through 1.0.2.379; RealOne Player Gold version 6.0.10.505
Description: The issue allows remote attackers to execute arbitrary script in the Local computer zone. This is achieved by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted. The extracted file is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
Recommendations: For RealJukebox 2 versions 1.0.2.340 through 1.0.2.379, consider disabling the execution of scripts from RJS archives until a patch is available. For RealOne Player Gold version 6.0.10.505, restrict access to the skin.ini file to minimize the risk of exploitation.


Related Identifiers

CVE-2002-1015

Affected Products

Internet Explorer
RealJukebox 2
RealOne Player Gold