Security update for RealNetworks Helix Server
RealNetworks has released an update to its Helix streaming media server, fixing four security vulnerabilities. According to the update notes, a heap overflow when processing RTSP DESCRIBE commands allows attackers to execute arbitrary code on the server. Similar issues occur with the Helix Server DataConvertBuffer and NTLM authentication with particular Base64 encoded data. The server is also vulnerable to a denial of service attack, using just three crafted packets.
The affected versions are Helix Server versions 11.x and 12.x and Helix Mobile Server versions 11.x and 12.x, with the vulnerabilities fixed in versions 11.1.8 and 12.0.1 of both Server and Mobile Server.
- Helix Server Security Update, RealNetworks report