cbcvebase.
CVE-2006-6026
published 2006-11-21

CVE-2006-6026: Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to…

PriorityP354critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
10.39%
95.2th percentile
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field.

Affected

6 ranges
VendorProductVersion rangeFixed in
realnetworkshelix_dna_server
realnetworkshelix_dna_server
realnetworkshelix_mobile_server<= 11.1.2
realnetworkshelix_server<= 11.1.2
realnetworkshelix_server
realnetworkshelix_server

Detection & IOCsextracted from sources · hover to see the quote

port554
commandDESCRIBE request with invalid LoadTestPassword field
bytes
41 * 1116 (0x41 x1116) overflow padding preceding control DWORDs
  • Monitor for RTSP DESCRIBE requests on TCP/554 containing a LoadTestPassword header field with anomalously large or malformed values, indicative of heap overflow exploitation attempts against Helix Server.
  • Alert on outbound or inbound TCP connections to port 4444 originating from the Helix Server process (rmserver.exe), which may indicate successful shellcode execution spawning a reverse/bind shell.
  • Exploit targets Windows 2000 SP4; detection should focus on Helix Server versions 11.0.x and 11.1.x (prior to 11.1.3) on Windows hosts receiving large RTSP DESCRIBE payloads (~1116+ bytes in the LoadTestPassword field).
  • ·The vulnerability affects Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1; versions at or above 11.1.3 are patched and should not be vulnerable.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.