RealNetworks Helix Server SETUP命令远程拒绝服务漏洞

https://www.securityfocus.com/bid/35732
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200907-285

HelixServer是一款支持多格式、跨平台的流媒体服务器软件。如果向HelixServer发送了缺少0x2F字节的畸形SETUP请求，就会在服务器中触发访问破坏导致崩溃。以下是触发异常的代码段：/-----------0047A490|.6A2FPUSH2F0047A492|.56PUSHESI0047A493|.FF1508425100CALLDWORDPTRDS:[lt;MSVCR71.strchrgt;]MSVCR71.strchr------------/只要发送了"/"(0x2F)字符，程序就会试图从0拷贝，触发访问破坏异常。/-----------0047A490|.6A2FPUSH2F0047A492|.56PUSHESI0047A493|.FF1508425100CALLDWORDPTRDS:[lt;MSVCR71.strchrgt;]MSVCR71.strchr------------/

RealNetworks Helix Server 12.0.1 .215 RealNetworks Helix Server 12.0.1 RealNetworks Helix Server 12.0 RealNetworks Helix Server 11.1.8 RealNetworks Helix Server 11.1.7 Rea

来源:VUPEN
名称:ADV-2009-1947
链接:http://www.vupen.com/english/advisories/2009/1947
来源:BID
名称:35732
链接:http://www.securityfocus.com/bid/35732
来源:BUGTRAQ
名称:20090717CORE-2009-0227:RealHelixDNARTSPandSETUPrequesthandlervulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/505083/100/0/threaded
来源:MILW0RM
名称:9198
链接:http://www.milw0rm.com/exploits/9198
来源:MISC
链接:http://www.coresecurity.com/content/real-helix-dna
来源:OSVDB
名称:55982
链接:http://osvdb.org/55982
来源:docs.real.com
链接:http://docs.real.com/docs/security/SecurityUpdate071409HS.pdf