Vulnerability CVE-2007-4561


Published: 2007-08-27   Modified: 2012-02-12

Description:
Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RTSP command containing multiple Require headers.

See advisories in our WLB2 database:
Topic: Helix DNA Server Heap Corruption Vulnerability (Med.)
Author: Mu Security
Date: 28.08.2007

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
RealNetworks -> Helix DNA Server

 References:
http://www.securityfocus.com/bid/25440
http://www.vupen.com/english/advisories/2007/2986
http://www.securitytracker.com/id?1018605
http://marc.info/?l=full-disclosure&m=118800391412961&w=2
http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt
http://securityreason.com/securityalert/3069
http://secunia.com/advisories/26609

Copyright 2024, cxsecurity.com