RealNetworks Helix Server 11.x / 12.x / 13.x Multiple Vulnerabilities

high Nessus Plugin ID 45543

Synopsis

The remote media streaming server is affected by multiple vulnerabilities.

Description

According to its banner, the remote host is running version 11.x, 12.x, or 13.x of RealNetworks Helix Server / Helix Mobile Server. Such versions are potentially affected by multiple vulnerabilities:

- A heap overflow exists in the NTLM authentication code related to invalid Base64 encoding. (CVE-2010-1317)

- A stack-based buffer overflow within AgentX++ could lead to arbitrary code execution. (CVE-2010-1318)

- An integer overflow within AgentX++ could lead to arbitrary code execution. (CVE-2010-1319)

Solution

Upgrade to RealNetworks Helix Server / Helix Mobile Server 14.0.0 or later.

See Also

http://www.nessus.org/u?d5d74423

Plugin Details

Severity: High

ID: 45543

File Name: helix_svr_14_multiple.nasl

Version: 1.9

Type: remote

Family: Misc.

Published: 4/15/2010

Updated: 8/22/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/15/2010

Vulnerability Publication Date: 4/15/2010

Exploitable With

Core Impact

Metasploit (AgentX++ Master AgentX::receive_agentx Stack Buffer Overflow)

Reference Information

CVE: CVE-2010-1317, CVE-2010-1318, CVE-2010-1319

BID: 39490, 39561, 39564

Secunia: 39279