Microsoft Vulnerability Research (MSVR) advisory MSVR12-005
Apr 17, 2012

Vulnerabilities in RealNetworks Helix Server Could Allow Arbitrary Script Execution

Published: 2012-04-17 00:00:00
Source: Microsoft Vulnerability Research, technet.microsoft.com

EPSS: 0.002 (percentile 62.0%)

Executive Summary

Microsoft is providing notification of the discovery and remediation of multiple vulnerabilities affecting RealNetworks Helix Server software version 14.2.0.212 and earlier. Microsoft discovered and disclosed these vulnerabilities under coordinated vulnerability disclosure to the affected vendor, RealNetworks. RealNetworks has remediated these vulnerabilities in their software.

These vulnerabilities exist in the way that the RealNetworks Helix Server parses page requests. An attacker could exploit these vulnerabilities by injecting malicious script into a page link, and then convincing a user to click the page link. When the page link is clicked, the malicious script could run in the context of the current user.

Microsoft Vulnerability Research reported these issues to RealNetworks and coordinated with the vendor to ensure their remediation. These vulnerabilities have been assigned the entry CVE-2012-1984 in the Common Vulnerabilities and Exposures list. For more information, including information about updates from RealNetworks, see the April 2, 2012 Security Update for Helix Server and Helix Mobile Server.

Mitigating Factors

  • An attacker must convince a victim to click a malicious link that has a specially crafted URL.
  • An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
