RealNetworks Helix and Helix Mobile Server NTLM Authentication Heap Buffer Overflow Vulnerability

BID:39490

Info

Bugtraq ID: 39490
Class: Boundary Condition Error
CVE: CVE-2010-1317
Remote: Yes
Local: No
Published: Apr 14 2010 12:00AM
Updated: Apr 29 2010 05:23PM
Credit: Manuel Santamarina Suarez, Joshua J. Drake, and anonymous researchers.
Vulnerable:
    RealNetworks Helix Server 13.0
    RealNetworks Helix Server 12.0.1 .215
    RealNetworks Helix Server 12.0.1
    RealNetworks Helix Server 12.0
    RealNetworks Helix Server 11.1.8
    RealNetworks Helix Server 11.1.7
    RealNetworks Helix Server 11.1.6
    RealNetworks Helix Server 11.1.4
    RealNetworks Helix Server 11.1.2
    RealNetworks Helix Mobile Server 13.0
    RealNetworks Helix Mobile Server 12.0.1 .215
    RealNetworks Helix Mobile Server 12.0.1
    RealNetworks Helix Mobile Server 12.0
    RealNetworks Helix Mobile Server 11.1.8
    RealNetworks Helix Mobile Server 11.1.7
    RealNetworks Helix Mobile Server 11.1.6
    RealNetworks Helix Mobile Server 11.1.4
    RealNetworks Helix Mobile Server 11.1.2
Not Vulnerable:
    RealNetworks Helix Server 14.0
    RealNetworks Helix Mobile Server 14.0

Discussion

RealNetworks Helix Server and Helix Mobile Server are prone to a remote heap-based buffer-overflow vulnerability during NTLM authentication.

Exploiting this issue may allow attackers to gain unauthorized access to affected computers. Failed attempts may cause the affected application to crash, denying service to legitimate users.

This issue affects versions prior to Helix Server and Helix Mobile Server 14.0.

NOTE: This BID was formerly titled 'RealNetworks Helix and Helix Mobile Server Multiple Remote Code Execution Vulnerabilities' and covered three vulnerabilities; the two AgentX issues have received their own records (39561 AgentX++ 'AgentX::receive_agentx()' Remote Code Execution Vulnerability and 39564 AgentX++ 'AgentX::receive_agentx()' Remote Stack Buffer Overflow Vulnerability) to better document them.

Exploit / POC

Currently we are not aware of any working exploits.

Solution / Fix

Solution:
The vendor released Helix Server and Helix Mobile Server 14.0 to address this issue. Please see the references for more information.
