
RealNetworks Helix Server < 11.1.8 / 12.0.1 Multiple Vulnerabilities

High

Synopsis

The remote media streaming server is affected by multiple vulnerabilities.

Description

The remote host is running a version of RealNetworks Helix Server older than 11.1.8 / 12.0.1. Such versions are reportedly affected by multiple issues:

- A vulnerability involving an RTSP 'DESCRIBE' request could allow an unauthenticated attacker to execute arbitrary code on the remote system. (ZDI-CAN-293)

- By sending three specially crafted RTSP 'SETUP' requests, it may be possible to crash the remote RTSP server. (ZDI-CAN-323)

- A heap overflow vulnerability in 'DataConvertBuffer' could allow an unauthenticated attacker to execute arbitrary code on the remote system. (ZDI-CAN-333)

- A heap overflow vulnerability in NTLM authentication could allow an unauthenticated attacker to execute arbitrary code on the remote system. (ZDI-CAN-380)

Solution

Update to version 11.1.8 / 12.0.1 or higher.