CVSS: 10.0EPSS: 54%CPEs: 4EXPL: 0CVE-2008-5911
https://notcve.org/view.php?id=CVE-2008-5911
Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request. Múltiples desbordamientos de búfer en RealNetworks Helix Server y Helix Mobile Server v11.x anteriores a v11.1.8 y v12.x anteriores a v12.0.1 permite a atacantes remotos (1) provocar una denegación de servicio a través de tres comandos manipulados RTSP SETUP, o ejecutar código de su elección a través de (2) una petición de autenticación NTLM con datos malformados codificados en base64, (3) un comando RTSP DESCRIBE, o (4) una petición DataConvertBuffer. • http://docs.real.com/docs/security/SecurityUpdate121508HS.pdf http://secunia.com/advisories/33360 http://www.securitytracker.com/id?1021498 http://www.securitytracker.com/id?1021499 http://www.securitytracker.com/id?1021500 http://www.securitytracker.com/id?1021501 http://www.vupen.com/english/advisories/2008/3521 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 42%CPEs: 5EXPL: 0CVE-2007-4561
https://notcve.org/view.php?id=CVE-2007-4561
Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers. Desbordamiento de búfer basado en pila en los servicios RTSP en Helix DNA Server anterior a 11.1.4 permite a atacantes remotos ejecutar código de su elección a través de una comando RSTP contieniendo múltiples cabeceras Require. • http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt http://marc.info/?l=full-disclosure&m=118800391412961&w=2 http://secunia.com/advisories/26609 http://securityreason.com/securityalert/3069 http://www.securityfocus.com/bid/25440 http://www.securitytracker.com/id?1018605 http://www.vupen.com/english/advisories/2007/2986 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 90%CPEs: 6EXPL: 1CVE-2006-6026 – Helix Server 11.0.1 (Windows 2000 SP4) - Remote Heap Overflow
https://notcve.org/view.php?id=CVE-2006-6026
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field. Desbordamiento de búfer basado en montículo en Helix DNA Server 11.0 y 11.1 tiene impacto y vectores de ataque desconocidos, como ha sido demostrado por cierto módulo de VulnDisco Pack. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos únicamente de información de terceros. Desde el 18/11/2006, esta revelación no tiene información accionable. Sin embargo, debido a que el autor de VulnDisco Pack es un investigador de confianza, a este asunto le ha sido asignado un identificador CVE con propósitos de seguimiento. • https://www.exploit-db.com/exploits/3531 http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf http://gleg.net/helix.txt http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html http://secunia.com/advisories/22944 http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml http://www.attrition.org/pipermail/vim/2007-March/001459.html http://www.attrition.org/pipermail/vim/2007-March/001468.html http://www.securityfocus.com/arch • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 23%CPEs: 2EXPL: 0CVE-2006-3276
https://notcve.org/view.php?id=CVE-2006-3276
Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes". Desbordamiento de búfer basado en memoria dinámica -heap- en RealNetworks Helix DNA Server v10.0 y v11.0 permite a atacantes remotos ejecutar código de su elección a través de (1)una cabecera larga HTTP User-Agent en el servicio RTSP y (2) vectores no especificados que incluyen "parsing of HTTP URL schemes". • http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html http://labs.musecurity.com/advisories/MU-200606-01.txt http://secunia.com/advisories/20784 http://securitytracker.com/id?1016365 http://www.osvdb.org/26799 http://www.securityfocus.com/bid/18606 http://www.vupen.com/english/advisories/2006/2521 https://exchange.xforce.ibmcloud.com/vulnerabilities/27316 https://exchange.xforce.ibmcloud.com/vulnerabilities/27317 •