CVE-2009-2533

Exploit

EPSS 10.21%
Published 20.07.2009 17:30:54
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Realnetworks ≫ Helix Server Version <= 12.0.1

Realnetworks ≫ Helix Server Version12.0.0

Realnetworks ≫ Helix Server Mobile Version <= 12.0.0

Realnetworks ≫ Helix Server Mobile Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	10.21%	0.924

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://docs.real.com/docs/security/SecurityUpdate071409HS.pdf

http://osvdb.org/55981

http://www.coresecurity.com/content/real-helix-dna

Exploit

http://www.exploit-db.com/exploits/9198

http://www.securityfocus.com/archive/1/505083/100/0/threaded

http://www.securityfocus.com/bid/35731

http://www.vupen.com/english/advisories/2009/1947

https://nvd.nist.gov/vuln/detail/CVE-2009-2533

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2533

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2533

EUVD