Computer Security
[EN] securityvulns.ru no-pyccku


AgentX++ library / Helix Server multiple security vulnerabilities
updated since 26.04.2010
Published:29.04.2010
Source:
SecurityVulns ID:10795
Type:library
Threat Level:
7/10
Description:Integer overflow, buffer overflow.
Affected:AGENTPP : AgentX++ 1.4
 REAL : Helix Server 12
CVE:CVE-2010-1319 (Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length.)
 CVE-2010-1318 (Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-1317 (Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.)
Original documentdocumentREAL, Security Update for Helix Server and Helix Mobile Server (29.04.2010)
 documentZDI, ZDI-10-079: Realnetworks Helix Server NTLM Authentication Invalid Base64 Remote Code Execution Vulnerability (29.04.2010)
 documentIDEFENSE, iDefense Security Advisory 04.15.10: Multiple Vendor AgentX++ Stack Buffer Overflow Vulnerability (26.04.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod