PT-2011-1483 · Realnetworks · Helix Mobile Server+1

Published

2011-04-01

Updated

2011-04-06

CVE-2010-4235

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RealNetworks Helix Server versions 12.x through 14.1 RealNetworks Helix Mobile Server versions 12.x through 14.1

Description The issue allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header. This is a format string vulnerability.

Recommendations For RealNetworks Helix Server versions 12.x through 14.1, update to version 14.2 or later. For RealNetworks Helix Mobile Server versions 12.x through 14.1, update to version 14.2 or later. As a temporary workaround, consider restricting access to the x-wap-profile HTTP header until a patch is available.

Fix

Use of Externally-Controlled Format String

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-134

Related Identifiers

CVE-2010-4235

ZDI-11-114

Affected Products

Helix Mobile Server

Helix Server

PT-2011-1483 · Realnetworks · Helix Mobile Server+1

CVE-2010-4235

Weakness Enumeration

Related Identifiers

Affected Products

References · 4