Code injection vulnerability in Helix Server
The Helix media streaming server from RealNetworks contains a security hole, which could be exploited to execute injected malicious code by simply sending manipulated network packets.
In a security advisory, security service provider Mu Security has reported that a buffer overflow may occur in the Helix DNA Server when processing manipulated packets in the Real-Time-Streaming Protocol (RTSP). The bug is triggered by an RTSP request containing several require headers.
The vulnerability affects Helix servers prior to the current version 11.1.4, in which this vulnerability has already been patched. Helix server administrators should install the current version as soon as possible.
- Helix DNA Server Heap Corruption Vulnerability, security advisory from Mu Security
(ehe)