CVE-2012-0942
high
CVSS v3
—
CVSS v2
7.5
VIR risk
7.5
Description
Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| realnetworks | helix_server | 14.0.0 | |
| realnetworks | helix_server | 14.0.1 | |
| realnetworks | helix_server | 14.2 | |
| realnetworks | helix_server | 14.2.0.212 | |
| realnetworks | helix_mobile_server | 14.0.0 | |
| realnetworks | helix_mobile_server | 14.0.1 | |
References
- http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf
- http://www.securityfocus.com/bid/52929
- http://www.securitytracker.com/id?1026898
- http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf
- http://www.securityfocus.com/bid/52929
- http://www.securitytracker.com/id?1026898
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.