Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3276

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3276
Last Modified 07 Mar 2011 09:38:15
Published 28 Jun 2006 06:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3276

Summary

Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes".

Vulnerable Systems

Application

  • Realnetworks Helix Dna Server 10.0

  • Realnetworks Helix Dna Server 11.0


References

SECUNIA - 20784

XF - helix-dna-url-bo(27317)

XF - helix-dna-rtsp-bo(27316)

VUPEN - ADV-2006-2521

BID - 18606

SECTRACK - 1016365

MISC - http://labs.musecurity.com/advisories/MU-200606-01.txt

OSVDB - 26799

FULLDISC - 20060622 [MU-200606-01] Real Helix RTSP Server Heap Corruption Vulnerabilities


Last Updated: 27 May 2016 10:42:57