RealNetworks Helix DNA Server RTSP Command Remote Heap Buffer Overflow Vulnerability
Info
| Bugtraq ID: | 25440 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4561 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 25 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Mu Security research team is credited with discovery of this vulnerability. |
| Vulnerable: | RealNetworks Helix DNA Server 11.1.3, RealNetworks Helix DNA Server 11.1.2, RealNetworks Helix DNA Server 11.1.1 |
| Not Vulnerable: | RealNetworks Helix DNA Server 11.1.4 |
Discussion
RealNetworks Helix DNA Server is prone to a heap-based buffer-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker could leverage this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects versions prior to Helix Server 11.1.4.
Exploit / POC
DSquare Security has developed a working commercial exploit for its D2 Exploitation Pack product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Solution:
The vendor released Helix DNA Server 11.1.4 to address this issue. Please see the references for more information.
References
References:
- Real Networks Helix Server Homepage (Real Networks)
- [MU-200708-01] Helix DNA Server Heap Corruption Vulnerability (Mu Security)