SAINT Corporation, SAINT:6A6146528578565428109085E19F0CCA
Mar 18, 2008 - 12:00 a.m.

RealNetworks Helix Server RTSP Proxy-Require heap overflow

2008-03-18 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.542
Percentile: 97.6%

Added: 03/18/2008
CVE: CVE-2008-5911
BID: 33059

Background

RealNetworks Helix Server is a media server supporting multiple formats and platforms.

Problem

A heap overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted Proxy-Require header in an RTSP request.

Resolution

Upgrade to Helix Server 11.1.8 or 12.0.1 or higher.

References

<http://docs.real.com/docs/security/SecurityUpdate121508HS.pdf>

Limitations

Exploit works on RealNetworks Helix Server 12.0 on Windows Server 2003 SP2.

Due to the nature of the vulnerability, the success of this exploit may depend on the state of the target system’s memory.

Platforms

Windows
