RealNetworks Zips Up the Helix
RealNetworks patches three flaws found in its Helix Universal Server media delivery software.

RealNetworks Inc. has issued a patch for three newly discovered vulnerabilities in its Helix Universal Server media delivery software. The vulnerabilities, all buffer overruns, could enable an attacker to run code on remote machines. All of the flaws affect version 9.0 of the server running on all of the available platforms. It is unknown whether any previous versions are vulnerable.

While they are all buffer overruns, each vulnerability has a different attack method. The first flaw can be exploited by sending a large character string to the Transport field within a particular GET request. The attacker's code would then overwrite the saved return address and run with system privileges.
The second vulnerability requires an attacker to send an overly long URL to the Describe field. Again, the attacker's code would overwrite the saved return address and execute.
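Both flaws described above come down to copying a request field into a fixed-size buffer without checking its length first. The following C sketch is an added example, not RealNetworks code: it shows the bounded handling a request parser needs for the URL and the Transport field, rejecting oversize input instead of copying it. The function names, the 256-byte `FIELD_MAX` limit and the sample request are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define FIELD_MAX 256 /* assumed limit for this sketch, not from the advisory */

/* Copy the request-line URL into out. 0 = ok, -1 = malformed, -2 = too long. */
int get_url(const char *req, char *out, size_t outsz)
{
    size_t m = strcspn(req, " \r\n");          /* length of the method token */
    if (req[m] != ' ') return -1;
    const char *u = req + m + 1;
    size_t ulen = strcspn(u, " \r\n");
    if (ulen == 0) return -1;
    if (ulen >= outsz) return -2;              /* reject, never truncate */
    memcpy(out, u, ulen);
    out[ulen] = '\0';
    return 0;
}

/* Copy the value of header `name` into out. 0 = ok, -1 = absent, -2 = too long. */
int get_header(const char *req, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *line = strchr(req, '\n');      /* skip the request line */
    while (line && *++line && *line != '\r' && *line != '\n') {
        size_t llen = strcspn(line, "\r\n");
        if (llen > nlen && line[nlen] == ':' && strncasecmp(line, name, nlen) == 0) {
            const char *v = line + nlen + 1, *eol = line + llen;
            while (v < eol && (*v == ' ' || *v == '\t')) v++;
            size_t vlen = (size_t)(eol - v);
            if (vlen >= outsz) return -2;      /* length is checked before the copy */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 0;
        }
        line = strchr(line + llen, '\n');
    }
    return -1;
}

int main(void)
{
    /* Constructed sample request, not taken from the advisory. */
    const char *req = "DESCRIBE rtsp://media.example/clip.rm RTSP/1.0\r\n"
                      "CSeq: 1\r\nTransport: RTP/AVP;unicast\r\n\r\n";
    char url[FIELD_MAX], tr[FIELD_MAX];
    printf("url=%d transport=%d\n", get_url(req, url, sizeof url),
           get_header(req, "Transport", tr, sizeof tr));
    return 0;
}
```

A return value of -2 is the signal to drop the request and log it; silently truncating the field would hide the oversize input from detection.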