ID CVE-2006-3276
Summary Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes". Upgrade to Helix DNA Server version 11.1: https://helix-server.helixcommunity.org/2005/devdocs/builds
References
Vulnerable Configurations
  • cpe:2.3:a:realnetworks:helix_dna_server:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:helix_dna_server:11.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 18606
fulldisc 20060622 [MU-200606-01] Real Helix RTSP Server Heap Corruption Vulnerabilities
misc http://labs.musecurity.com/advisories/MU-200606-01.txt
osvdb 26799
sectrack 1016365
secunia 20784
vupen ADV-2006-2521
xf
  • helix-dna-rtsp-bo(27316)
  • helix-dna-url-bo(27317)
Last major update 20-07-2017 - 01:32
Published 28-06-2006 - 22:05
Last modified 20-07-2017 - 01:32