CVE-1999-0896
Published 1999-11-04
CVE-1999-0896: Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.
Priority P344 | critical | 10 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 12.81% (95.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | realserver_g2 | — | — |
No detection rules found.
Exploit-DB
Real Networks GameHouse dldisplay ActiveX control - Port Buffer Overflow (2)
exploitdb·1999-11-04
---
// source: https://www.securityfocus.com/bid/767/info
At installation, the Real Server software randomly selects an unused port as the remote administration port. This port is used by Real Server's remote web administration feature. To access this feature, the correct port must be specified and a valid username/password pair must be entered. By sending a long response to this authentication request, the buffer can be overwritten and arbitrary code can be executed on the server.
/* RealNetworks RealServer G2 buffer overflow exploit
*
* by dark spyrit
* quick unix port by team teso
*
* the windows binary is available at http://www.beavuh.org.
*
* This exploits a buffer overflow in RealServers web auth
Exploit-DB
Real Networks GameHouse dldisplay ActiveX control - Port Buffer Overflow (1)
exploitdb·1999-11-04
---
source: https://www.securityfocus.com/bid/767/info
At installation, the Real Server software randomly selects an unused port as the remote administration port. This port is used by Real Server's remote web administration feature. To access this feature, the correct port must be specified and a valid username/password pair must be entered. By sending a long response to this authentication request, the buffer can be overwritten and arbitrary code can be executed on the server.
; The binary is available at http://www.beavuh.org.
;
; This exploits a buffer overflow in RealServers web authentication on
; the administrator port - hence the reason the shellcode is base64 encoded.
; This has been tested on the NT
No writeups or analysis indexed.