CVE-2002-1643

Name of the Vulnerable Software and Affected Versions RealNetworks Helix Universal Server version 9.0 (9.0.2.768)

Description The issue is related to multiple buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved through various means, including a long Transport field in a "SETUP RTSP request", a "DESCRIBE RTSP request" with a long URL argument, or two simultaneous "HTTP GET requests" with long arguments.

Recommendations For RealNetworks Helix Universal Server version 9.0 (9.0.2.768), consider restricting access to the RTSP and HTTP endpoints to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the length of arguments in RTSP requests and HTTP GET requests.