CVE-2010-1317 – Realnetworks Helix Server NTLM Authentication Invalid Base64 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1317
Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data. Desbordamiento de búfer basado en pila en la funcionalidad de autenticación en RealNetworks Helix Server y Helix Mobile Server v11.x, v12.x, y v13.x, permite a atacantes remotos tener un impacto inesperado a través de un dato base64-encodec inválido. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication provided by the administrative web interface and is only present if it is configured to use NTLM. The vulnerability can be triggered by specifying invalid Base64 string within the Authorization header. • http://secunia.com/advisories/39279 http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf http://www.securityfocus.com/bid/39490 http://www.vupen.com/english/advisories/2010/0889 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-1319
https://notcve.org/view.php?id=CVE-2010-1319
Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length. Un desbordamiento de enteros en la función AgentX::receive_agentx en AgentX++ versión 1.4.16, tal y como es usado en RealNetworks Helix Server y Helix Mobile Server versión 11.x hasta 13.x y otros productos, permite que los atacantes remotos ejecuten código arbitrario por medio de una petición con una longitud de una carga útil creada. • http://secunia.com/advisories/39279 http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf http://www.securityfocus.com/bid/39490 http://www.vupen.com/english/advisories/2010/0889 • CWE-189: Numeric Errors •
CVE-2010-1318 – Multiple Vendor AgentX++ - Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2010-1318
Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors. Un desbordamiento de búfer en la región stack de la memoria en la función AgentX::receive_agentx en AgentX++ versión 1.4.16, tal y como es usado en RealNetworks Helix Server y Helix Mobile Server versión 11.x hasta 13.x y otros productos, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados. • https://www.exploit-db.com/exploits/12274 https://www.exploit-db.com/exploits/16452 http://secunia.com/advisories/39279 http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf http://www.securityfocus.com/bid/39490 http://www.vupen.com/english/advisories/2010/0889 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-0417 – RealPlayer: rule book handling heap corruption
https://notcve.org/view.php?id=CVE-2010-0417
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption. Desbordamiento de búfer en common/util/rlstate.cpp en Helix Player v1.0.6 y RealPlayer, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución de código de su elección a través de una estructura RuleBook con un elevado número de caracteres de rule-separator (Separador de reglas) que provocan una corrupción de memoria dinámica (heap). • http://lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html http://secunia.com/advisories/38450 http://www.redhat.com/support/errata/RHSA-2010-0094.html https://bugzilla.redhat.com/show_bug.cgi?id=561860 https://helixcommunity.org/viewcvs/common/util/rlstate.cpp?view=log#rev1.10 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364 https://access.redhat.com/security/cve/CVE-2010-0417 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-0416 – Helix Player 11.0.2 - Encoded URI Processing Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0416
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits. Desbordamiento de búfer en la función Unescape en common/util/hxurl.cpp y player/hxclientkit/src/CHXClientSink.cpp en Helix Player v1.0.6 y RealPlayer, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución de código de su elección a través de un argumento URL que contiene caracteres de % (porcentaje) que no están seguidos por dos dígitos hexadecimales. • https://www.exploit-db.com/exploits/33620 http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html http://secunia.com/advisories/38450 http://www.redhat.com/support/errata/RHSA-2010-0094.html https://bugzilla.redhat.com/show_bug.cgi?id=561856 https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847 https://access.redhat.com/security/cve/CVE-2010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •