CVE-2009-2533

Exploit

EPSS 10.21%
Veröffentlicht 20.07.2009 17:30:54
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Realnetworks ≫ Helix Server Version <= 12.0.1

Realnetworks ≫ Helix Server Version12.0.0

Realnetworks ≫ Helix Server Mobile Version <= 12.0.0

Realnetworks ≫ Helix Server Mobile Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.21%	0.924

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://docs.real.com/docs/security/SecurityUpdate071409HS.pdf

http://osvdb.org/55981

http://www.coresecurity.com/content/real-helix-dna

Exploit

http://www.exploit-db.com/exploits/9198

http://www.securityfocus.com/archive/1/505083/100/0/threaded

http://www.securityfocus.com/bid/35731

http://www.vupen.com/english/advisories/2009/1947

https://nvd.nist.gov/vuln/detail/CVE-2009-2533

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2533

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2533

EUVD