CVE-2006-6026
published 2006-11-21CVE-2006-6026: Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to…
PriorityP354critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
10.39%
95.2th percentile
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | helix_dna_server | — | — |
| realnetworks | helix_dna_server | — | — |
| realnetworks | helix_mobile_server | <= 11.1.2 | — |
| realnetworks | helix_server | <= 11.1.2 | — |
| realnetworks | helix_server | — | — |
| realnetworks | helix_server | — | — |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
41 * 1116 (0x41 x1116) overflow padding preceding control DWORDs
- →Monitor for RTSP DESCRIBE requests on TCP/554 containing a LoadTestPassword header field with anomalously large or malformed values, indicative of heap overflow exploitation attempts against Helix Server. ↗
- →Alert on outbound or inbound TCP connections to port 4444 originating from the Helix Server process (rmserver.exe), which may indicate successful shellcode execution spawning a reverse/bind shell. ↗
- →Exploit targets Windows 2000 SP4; detection should focus on Helix Server versions 11.0.x and 11.1.x (prior to 11.1.3) on Windows hosts receiving large RTSP DESCRIBE payloads (~1116+ bytes in the LoadTestPassword field). ↗
- ·The vulnerability affects Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1; versions at or above 11.1.3 are patched and should not be vulnerable. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
RealNetworks Helix DNA Server up to 11.1.2 memory corruption (EDB-3531 / Nessus ID 24876)
vuldb·2026-04-28·CVSS 10.0
CVE-2006-6026 [CRITICAL] RealNetworks Helix DNA Server up to 11.1.2 memory corruption (EDB-3531 / Nessus ID 24876)
A vulnerability, which was classified as critical, was found in RealNetworks Helix DNA Server up to 11.1.2. Affected by this issue is some unknown functionality. Executing a manipulation can lead to memory corruption.
The identification of this vulnerability is CVE-2006-6026. The attack may be launched remotely. Furthermore, there is an exploit available.
You should upgrade the affected component.
GHSA
GHSA-534j-2pp7-6723: Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11
ghsa_unreviewed·2022-05-01
CVE-2006-6026 [HIGH] CWE-119 GHSA-534j-2pp7-6723: Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field.
No detection rules found.
No writeups or analysis indexed.
http://docs.real.com/docs/security/SecurityUpdate032107Server.pdfhttp://gleg.net/helix.txthttp://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.htmlhttp://secunia.com/advisories/22944http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtmlhttp://www.attrition.org/pipermail/vim/2007-March/001459.htmlhttp://www.attrition.org/pipermail/vim/2007-March/001468.htmlhttp://www.securityfocus.com/archive/1/463333/100/0/threadedhttp://www.securityfocus.com/bid/21141http://www.securityfocus.com/bid/23068http://www.vupen.com/english/advisories/2007/1056https://www.exploit-db.com/exploits/3531http://docs.real.com/docs/security/SecurityUpdate032107Server.pdfhttp://gleg.net/helix.txthttp://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.htmlhttp://secunia.com/advisories/22944http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtmlhttp://www.attrition.org/pipermail/vim/2007-March/001459.htmlhttp://www.attrition.org/pipermail/vim/2007-March/001468.htmlhttp://www.securityfocus.com/archive/1/463333/100/0/threadedhttp://www.securityfocus.com/bid/21141http://www.securityfocus.com/bid/23068http://www.vupen.com/english/advisories/2007/1056https://www.exploit-db.com/exploits/3531
2006-11-21
Published