Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1643

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1643
Last Modified 05 Sep 2008 04:31:08
Published 19 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1643

Summary

Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RSTP request, (2) a DESCRIBE RSTP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.

Vulnerable Systems

Application

  • Realnetworks Helix Universal Server 9.0

  • Realnetworks Helix Universal Server 9.0.2.768


References

CERT-VN - VU#974689

CONFIRM - http://www.service.real.com/help/faq/security/bufferoverrun12192002.html

BID - 6458

BID - 6456

BID - 6454

XF - helix-http-get-bo(10917)

XF - helix-rtsp-describe-bo(10916)

XF - helix-rtsp-setup-bo(10915)

BUGTRAQ - 20021220 RealNetworks HELIX Server Buffer Overflow Vulnerabilities (#NISR20122002)

MISC - http://www.nextgenss.com/advisories/realhelix.txt


Last Updated: 27 May 2016 10:37:26