CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.6%
Added: 03/18/2008
CVE: CVE-2008-5911
BID: 33059
RealNetworks Helix Server is a media server supporting multiple formats and platforms.
A heap overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted Proxy-Require header in an RTSP request.
Upgrade to Helix Server 11.1.8 or 12.0.1 or higher.
<http://docs.real.com/docs/security/SecurityUpdate121508HS.pdf>
Exploit works on RealNetworks Helix Server 12.0 on Windows Server 2003 SP2.
Due to the nature of the vulnerability, the success of this exploit may depend on the state of the target system’s memory.
Windows