Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Realnetworks Helix server 12.0.0 (not an official CPE)
Realnetworks Helix server mobile 11.0 (not an official CPE)
Realnetworks Helix server 12.0.1 (not an official CPE)
Realnetworks Helix server mobile 12.0.0 (not an official CPE)
Realnetworks Helix mobile server 13.1.1 (not an official CPE)
Realnetworks Helix server 13.1.1 (not an official CPE)
Realnetworks Helix server 11.0 (not an official CPE)
Realnetworks Helix server 11.1 (not an official CPE)
Realnetworks Helix server mobile 13.0.0 (not an official CPE)
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| ADV-2010-0889 | |||
| 39490 | |||
| http://www.realnetworks.com/uploadedFiles/Support/helix-... | |||
| 39279 |