RealNetworks Helix Server prior 12.0.0 DataConvertBuffer input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.8 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in RealNetworks Helix Server. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument DataConvertBuffer results in input validation. This vulnerability is identified as CVE-2009-2533. Additionally, an exploit exists. It is advisable to upgrade the affected component.
Details
A vulnerability, which was classified as problematic, was found in RealNetworks Helix Server. This affects an unknown functionality. The manipulation of the argument DataConvertBuffer with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. This is going to have an impact on availability. The summary by CVE is:
rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers.
The weakness was released 07/14/2009 by CORE Security with CORE Security Technologies (Website). It is possible to read the advisory at vupen.com. This vulnerability is uniquely identified as CVE-2009-2533 since 07/17/2009. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details and a public exploit are known.
A public exploit has been developed by Core Security in Python and been published 3 days after the advisory. The exploit is shared for download at securityfocus.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 40350 (RealNetworks Helix Server < 13.0.0 Multiple Remote DoS), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Misc..
Upgrading to version 12.0.0 eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 8851.
The vulnerability is also documented in the databases at X-Force (51842), Exploit-DB (9198), Tenable (40350), SecurityFocus (BID 35731†) and OSVDB (55981†). Entry connected to this vulnerability is available at VDB-49072. Be aware that VulDB is the high quality source for vulnerability data.
Product
Vendor
Name
License
Website
- Vendor: https://www.realnetworks.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 4.8
VulDB Base Score: 5.3
VulDB Temp Score: 4.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: Core Security
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 40350
Nessus Name: RealNetworks Helix Server < 13.0.0 Multiple Remote DoS
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Upgrade: Helix Server 12.0.0
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
07/14/2009 🔍07/14/2009 🔍
07/14/2009 🔍
07/17/2009 🔍
07/17/2009 🔍
07/17/2009 🔍
07/20/2009 🔍
07/20/2009 🔍
07/20/2009 🔍
07/21/2009 🔍
07/28/2009 🔍
03/18/2015 🔍
12/07/2024 🔍
Sources
Vendor: realnetworks.comAdvisory: vupen.com⛔
Researcher: CORE Security
Organization: CORE Security Technologies
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2009-2533 (🔍)
GCVE (CVE): GCVE-0-2009-2533
GCVE (VulDB): GCVE-100-49071
X-Force: 51842
SecurityFocus: 35731 - RealNetworks Helix Server 'RTSP' Remote Denial of Service Vulnerability
OSVDB: 55981 - RealNetworks Helix Server RTSP SET_PARAMETERS Request Handling DataConvertBuffer Parameter Remote DoS
Vulnerability Center: 22974 - Real Networks Helix Server and Helix Mobile Server \x3C 13.0.0 rmserver Remote DoS, Medium
Vupen: ADV-2009-1947
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 03/18/2015 15:15Updated: 12/07/2024 02:28
Changes: 03/18/2015 15:15 (66), 02/12/2017 12:55 (22), 08/12/2021 16:03 (3), 12/07/2024 02:28 (15)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.