RealNetworks Helix Server SETUP Command Remote Denial-of-Service Vulnerability

Vulnerability ID: 1182244
Vulnerability type: Input validation
Published: 2009-07-14
Updated: 2009-07-20
CVE ID: CVE-2009-2534
CNNVD-ID: CNNVD-200907-285
Platform: N/A
CVSS score: 5.0
|Vulnerability Source
https://www.securityfocus.com/bid/35732
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200907-285
|Vulnerability Details
Helix Server is multi-format, cross-platform streaming media server software. If a malformed SETUP request that lacks the 0x2F byte is sent to Helix Server, it triggers an access violation in the server and causes a crash. The following code segment triggers the exception:

/-----------
0047A490  |. 6A 2F          PUSH 2F
0047A492  |. 56             PUSH ESI
0047A493  |. FF15 08425100  CALL DWORD PTR DS:[<&MSVCR71.strchr>]    ; MSVCR71.strchr
------------/

When the "/" (0x2F) character is not sent, the program tries to copy from address 0, which triggers the access violation exception.
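
The crash described above comes down to using the result of the strchr search for 0x2F without checking it for NULL. The following is an added example of the checked form, not Helix Server code and not from the original advisory. It assumes the searched string is the request target of a "SETUP <target> RTSP/1.0" line; parse_setup_target, the status enum and the sample lines are hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum setup_status { SETUP_OK, SETUP_BAD_LINE, SETUP_NO_SLASH, SETUP_TOO_LONG };

/* Added illustration, not Helix Server code. Assumption: the string searched
 * for '/' is the request target of a "SETUP <target> RTSP/1.0" line. */
enum setup_status parse_setup_target(const char *line, char *out, size_t out_len)
{
    if (line == NULL || out == NULL || out_len == 0)
        return SETUP_BAD_LINE;
    out[0] = '\0';

    /* Method must be exactly "SETUP" followed by one space. */
    if (strncmp(line, "SETUP ", 6) != 0)
        return SETUP_BAD_LINE;
    const char *target = line + 6;

    /* The target ends at the next space; a line without it is malformed. */
    const char *end = strchr(target, ' ');
    if (end == NULL || end == target)
        return SETUP_BAD_LINE;

    /* Same search for 0x2F as PUSH 2F / CALL strchr, but bounded to the
     * target so the '/' in "RTSP/1.0" cannot satisfy it. */
    const char *slash = memchr(target, '/', (size_t)(end - target));
    if (slash == NULL)
        return SETUP_NO_SLASH;          /* reject instead of copying from NULL */

    size_t n = (size_t)(end - (slash + 1));
    if (n >= out_len)
        return SETUP_TOO_LONG;
    memcpy(out, slash + 1, n);          /* copy the text after the first '/' */
    out[n] = '\0';
    return SETUP_OK;
}

int main(void)
{
    /* Constructed sample request lines: one well-formed, one without '/'. */
    const char *samples[] = { "SETUP media/track1 RTSP/1.0", "SETUP mediatrack1 RTSP/1.0" };
    char path[64];
    for (size_t i = 0; i < 2; i++)
        printf("status=%d path=\"%s\"\n", parse_setup_target(samples[i], path, sizeof path), path);
    return 0;
}
```
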
|Affected Products
RealNetworks Helix Server 12.0.1 .215
RealNetworks Helix Server 12.0.1
RealNetworks Helix Server 12.0
RealNetworks Helix Server 11.1.8
RealNetworks Helix Server 11.1.7
Rea
|References

Source: VUPEN
Name: ADV-2009-1947
Link: http://www.vupen.com/english/advisories/2009/1947

Source: BID
Name: 35732
Link: http://www.securityfocus.com/bid/35732

Source: BUGTRAQ
Name: 20090717 CORE-2009-0227: Real Helix DNA RTSP and SETUP request handler vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/505083/100/0/threaded

Source: MILW0RM
Name: 9198
Link: http://www.milw0rm.com/exploits/9198

Source: MISC
Link: http://www.coresecurity.com/content/real-helix-dna

Source: OSVDB
Name: 55982
Link: http://osvdb.org/55982

Source: docs.real.com
Link: http://docs.real.com/docs/security/SecurityUpdate071409HS.pdf