Buffer overflow in Realnetworks Helix_dna_server

CVE-2010-1317

Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.

Vulnerability class: Buffer Overflow

EPSS: 0.007 (73.5th percentile) — read the EPSS interpretation.

Affected products

Realnetworks Helix_dna_server — versions 11.0, 11.1.3, 11.1
Realnetworks Helix_server — versions 11.0, 12.0.0, 11.1
Realnetworks Helix_server_mobile — versions 11.0, 12.0.0, 13.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

39279 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
39490 (vdb-entry, x_refsource_BID)
ADV-2010-0889 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)