Lucene search

[email protected]CVE-2006-3276

HistoryJun 28, 2006 - 10:05 p.m.

CVE-2006-3276

2006-06-2822:05:00

[email protected]

web.nvd.nist.gov

cve-2006-3276

realnetworks

helix dna server

buffer overflow

remote code execution

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.234 Low

EPSS

Percentile

96.6%

JSON

Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the “parsing of HTTP URL schemes”.

Affected configurations

NVD

Node

realnetworkshelix_dna_serverMatch10.0

realnetworkshelix_dna_serverMatch11.0

CPENameOperatorVersion
realnetworks:helix_dna_serverrealnetworks helix dna servereq10.0
realnetworks:helix_dna_serverrealnetworks helix dna servereq11.0

CPE	Name	Operator	Version
realnetworks:helix_dna_server	realnetworks helix dna server	eq	10.0
realnetworks:helix_dna_server	realnetworks helix dna server	eq	11.0

References

archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html

labs.musecurity.com/advisories/MU-200606-01.txt

secunia.com/advisories/20784

securitytracker.com/id?1016365

www.osvdb.org/26799

www.securityfocus.com/bid/18606

www.vupen.com/english/advisories/2006/2521

exchange.xforce.ibmcloud.com/vulnerabilities/27316

exchange.xforce.ibmcloud.com/vulnerabilities/27317

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.234 Low

EPSS

Percentile

96.6%

JSON

Related for CVE-2006-3276

d21 checkpoint_advisories1 nvd1 cvelist1