RealNetworks Helix Server RTSP Proxy-Require heap overflow

Added: 03/18/2008
CVE: CVE-2008-5911
BID: 33059

Background

RealNetworks Helix Server is a media server supporting multiple formats and platforms.

Problem

A heap overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted Proxy-Require header in an RTSP request.

Resolution

Upgrade to Helix Server 11.1.8 or 12.0.1 or higher.

References

http://docs.real.com/docs/security/SecurityUpdate121508HS.pdf

Limitations

Exploit works on RealNetworks Helix Server 12.0 on Windows Server 2003 SP2.

Due to the nature of the vulnerability, the success of this exploit may depend on the state of the target system's memory.

Platforms

Windows

Back to exploit index