2 matches found
ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-094 June 21, 2012 - -- CVE ID: CVE-2012-0942 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
CVE-2012-0942
CVE-2012-0942 affects RealNetworks Helix Server (and Helix Mobile Server) 14.x prior to 14.3.x. The vulnerability lies in the rn5auth.dll credential parsing path: GetNameValuePair() copies data with strcpy into a stack buffer, causing a stack-based buffer overflow. This allows remote attackers to...