RealNetworks Helix DNA Server RTSP Service Crafted Require Header Remote Overflow

critical Nessus Plugin ID 25950


The remote RTSP server is prone to a buffer overflow attack.


The remote host is running Helix Server or Helix DNA Server, a media streaming server.

The version of the Helix server installed on the remote host reportedly contains a heap overflow that is triggered by an RTSP command with multiple 'Require' headers. An unauthenticated, remote attacker can leverage this flaw to execute arbitrary code with the privileges under which the server operates, by default LOCAL SYSTEM on Windows.


Upgrade to Helix Server / Helix DNA Server version 11.1.4 or later.

Plugin Details

Severity: Critical

ID: 25950

File Name: helix_rtsp_mult_requires_overflow.nasl

Version: 1.20

Type: remote

Published: 8/28/2007

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 5.9


CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2007-4561

BID: 25440

CWE: 119, 20