CVE-2002-1014

Description

Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.

Affected products

• RealNetworks / realjukebox_21.0.2.340 – 1.0.2.340
• RealNetworks / realjukebox_21.0.2.379 – 1.0.2.379
• RealNetworks / realjukebox_2_plus1.0.2.340 – 1.0.2.340
• RealNetworks / realjukebox_2_plus1.0.2.379 – 1.0.2.379
• RealNetworks / realone_player6.0.10.505 – 6.0.10.505

References

• MISChttp://www.securityfocus.com/bid/5217
• MISChttp://www.iss.net/security_center/static/9538.php
• MISChttp://www.kb.cert.org/vuls/id/843667
• MISChttp://service.real.com/help/faq/security/bufferoverrun07092002.html
• MISChttp://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html