- Description
- Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
- Comment
- -
- Impact
- Per: http://docs.real.com/docs/security/SecurityUpdate121508HS.pdf Impacted Products and Versions: Helix Server Version 11.x Helix Server Version 12.x Helix Mobile Server Version 11.x Helix Mobile Server Version 12.x
- Solution
- Per: http://docs.real.com/docs/security/SecurityUpdate121508HS.pdf Impacted Products and Versions: Helix Server Version 11.x Helix Server Version 12.x Helix Mobile Server Version 11.x Helix Mobile Server Version 12.x
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_server:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A30A2490-21FC-4C0D-80A3-B89E6F58E93A"
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_server:12.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0890EDD4-63FF-43EC-9EC4-852B34E00F51"
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_server_mobile:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74F01F2C-036C-4B6E-B66D-F0870801D397"
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_server_mobile:12.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4CB773CC-C81C-424A-9493-4CAD2E0E8262"
}
],
"operator": "OR"
}
]
}
]