RealNetworks Helix Server Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 2 Jan 2009 4838 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in RealNetworks Helix Server, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system.

1. A heap overflow error when processing malformed RTSP DESCRIBE requests, which could be exploited to crash an affected server or execute arbitrary code.

2. A stack overflow error when parsing RTSP SETUP, which could be exploited to crash an affected server or execute arbitrary code.

3. A heap overflow error related to DataConvertBuffer, which could be exploited to crash or compromise an affected server.

4. A heap overflow error when parsing malformed Base64 NTLM authentication requests, which could be exploited to crash an affected server or execute arbitrary code.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Helix Server versions 11.x
  • Helix Server versions 12.x
  • Helix Mobile Server versions 11.x
  • Helix Mobile Server versions 12.x

Solutions

Before installation of the software, please visit the software manufacturerweb-site for more details.

  • Upgrade to Helix Server and Helix Mobile Server version 11.1.8 or 12.0.1.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Trend MicroHouseCall ActiveX Control "notifyOnLoadNative()" Vulnerability

22 Dec 2008 4768 Views

Next

HP OpenView Network Node Manager Multiple Remote Vulnerabilities

8 Jan 2009 4754 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY