PT-2002-2020 · Real · Realjukebox 2+1

Published: 2002-10-04 · Updated: 2008-09-05 · CVE-2002-1014

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: RealJukebox 2 version 1.0.2.340; RealJukebox 2 version 1.0.2.379; RealOne Player Gold version 6.0.10.505
Description: The issue allows remote attackers to execute arbitrary code via an RFS skin file. This is achieved by including a long value in a CONTROLnImage argument, such as CONTROL1Image, within the skin.ini file of the RFS skin file.
Recommendations: For RealJukebox 2 version 1.0.2.340, consider disabling the processing of RFS skin files until a patch is available. For RealJukebox 2 version 1.0.2.379, restrict access to RFS skin files to minimize the risk of exploitation. For RealOne Player Gold version 6.0.10.505, avoid using the CONTROLnImage argument in the skin.ini file of RFS skin files until the issue is resolved.
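
A pre-screening check for the condition described above, as an added example that is not part of the original advisory: it scans the contents of a skin.ini file and flags CONTROLnImage entries whose value is suspiciously long or contains bytes that do not belong in a file name. The 260-byte limit, the function name and the sample file contents are assumptions made for illustration.

```python
import re

# Assumption: 260 bytes (Windows MAX_PATH) is the longest plausible image
# file name; the advisory does not state the size that triggers the issue.
MAX_IMAGE_VALUE_LEN = 260
CONTROL_IMAGE_KEY = re.compile(rb"^CONTROL\d+Image$", re.IGNORECASE)


def scan_skin_ini(data: bytes, limit: int = MAX_IMAGE_VALUE_LEN):
    """Return (line_no, section, key, value_len, reason) for each
    suspicious CONTROLnImage entry in raw skin.ini bytes."""
    findings = []
    section = ""
    for line_no, raw in enumerate(data.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith((b";", b"#")):
            continue  # blank line or comment
        if line.startswith(b"[") and line.endswith(b"]"):
            section = line[1:-1].decode("latin-1")
            continue
        key, sep, value = line.partition(b"=")
        key = key.strip()
        if not sep or not CONTROL_IMAGE_KEY.match(key):
            continue  # only CONTROLnImage keys are in scope here
        value = value.strip()
        reasons = []
        if len(value) > limit:
            reasons.append("overlong")
        # Heuristic: control or non-ASCII bytes are unusual in an image name.
        if any(b < 0x20 or b > 0x7E for b in value):
            reasons.append("non-ascii-or-control")
        if reasons:
            findings.append((line_no, section, key.decode("latin-1"),
                             len(value), "+".join(reasons)))
    return findings


# Constructed sample skin.ini contents (not taken from a real skin file).
SAMPLE = (
    b"[Main]\r\n"
    b"; constructed sample\r\n"
    b"CONTROL1Image=play.bmp\r\n"
    b"CONTROL2Image=" + b"A" * 1024 + b"\r\n"
    b"control3image=stop\x90\x90.bmp\r\n"
    b"Title=" + b"B" * 1024 + b"\r\n"
)

if __name__ == "__main__":
    for finding in scan_skin_ini(SAMPLE):
        print(finding)
```

Keys are matched case-insensitively, and other long values (such as the constructed `Title` line) are ignored because the advisory names only the CONTROLnImage argument.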


Related Identifiers

CVE-2002-1014

Affected Products

Realjukebox 2
Realone Player Gold