Vulnerability CVE-2010-4235
Published: 2011-04-04   Modified: 2012-02-13

Description:
Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.

Type:

CWE-134

 (Uncontrolled Format String)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Realnetworks -> Helix mobile server 
Realnetworks -> Helix server 

 References:
http://www.securityfocus.com/bid/47110
http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf
Copyright 2024, cxsecurity.com

 

Back to Top