In association with heise online

27 August 2007, 13:14

Code injection vulnerability in Helix Server

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Helix media streaming server from RealNetworks contains a security hole, which could be exploited to execute injected malicious code by simply sending manipulated network packets.

In a security advisory, security service provider Mu Security has reported that a buffer overflow may occur in the Helix DNA Server when processing manipulated packets in the Real-Time-Streaming Protocol (RTSP). The bug is triggered by an RTSP request containing several require headers.

The vulnerability affects Helix servers prior to the current version 11.1.4, in which this vulnerability has already been patched. Helix server administrators should install the current version as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit