Vulnerability CVE-2010-1317


Published: 2010-04-20   Modified: 2012-02-13

Description:
Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Realnetworks -> Helix dna server 
Realnetworks -> Helix server 
Realnetworks -> Helix server mobile 

 References:
http://www.vupen.com/english/advisories/2010/0889
http://www.securityfocus.com/bid/39490
http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf
http://secunia.com/advisories/39279

Copyright 2024, cxsecurity.com

 

Back to Top