RealNetworks Helix Server AgentX receive_agentx Stack Buffer OverflowAdded: 04/27/2010
BackgroundRealNetworks Helix Server is a media server supporting multiple formats and platforms.
ProblemA stack buffer overflow vulnerability exists in RealNetworks Helix Server due to a boundary error in the AgentX::receive_agentx function. A remote unauthenticated attacker can exploit this vulnerability by sending multiple blocks of data to the target server on port 705/TCP.
Successful exploitation could result in arbitrary code injection and execution with the system privileges. Code injection that does not result in execution could terminate the application due to memory corruption, and could result in a Denial of Service condition.
ResolutionUpgrade to Helix Server 14.0 or later.
LimitationsExploit works on RealNetworks Helix Server 13 on Windows Server 2003 SP2.
Back to exploit index