ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-094 June 21, 2012 - -- CVE ID: CVE-2012-0942 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...

RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Real Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within rn4auth.dll, which is responsible for parsing authentication credentials. When the...