CVE-2008-5911
Published 2009-01-20
Priority P3 · 51 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 6.19% (92.6th percentile)
Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | helix_server | — | — |
| realnetworks | helix_server | — | — |
| realnetworks | helix_server_mobile | — | — |
| realnetworks | helix_server_mobile | — | — |
No detection rules found.
No public exploits indexed.
Talos
Rule release for today - April 21st 2009
blogs_talos·2009-04-21·CVSS 10.0
CVE-2009-0520 [CRITICAL] Rule release for today - April 21st 2009
A small set of new rules in today's release and a couple of modifications. Here are the highlights:
Adobe Flash Player Buffer Overflow (CVE-2009-0520):
Adobe Flash Player contains a programming error that may allow a remote attacker to execute code on a vulnerable system via a specially crafted flash file.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 15478.
Oracle BEA WebLogic Buffer Overflow (CVE-2008-5457):
Oracle BEA WebLogic contains a programming error that may allow a remote attacker to execute code on a vulnerable system.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 15477.
A previously released rule identified with GID 1, SID 15263 will a
http://docs.real.com/docs/security/SecurityUpdate121508HS.pdf
http://secunia.com/advisories/33360
http://www.securitytracker.com/id?1021498
http://www.securitytracker.com/id?1021499
http://www.securitytracker.com/id?1021500
http://www.securitytracker.com/id?1021501
http://www.vupen.com/english/advisories/2008/3521
Published: 2009-01-20