CVE-2010-4235

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf	Vendor Advisory
http://www.securityfocus.com/bid/47110

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:realnetworks:helix_server:12.0.0:::::::*
	cpe:2.3:a:realnetworks:helix_server:12.0.1:::::::*
	cpe:2.3:a:realnetworks:helix_server:13.0.0:::::::*
	cpe:2.3:a:realnetworks:helix_server:13.1.1:::::::*
	cpe:2.3:a:realnetworks:helix_server:14.0.0:::::::*
	cpe:2.3:a:realnetworks:helix_server:14.0.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:realnetworks:helix_mobile_server:12.0:::::::*
	cpe:2.3:a:realnetworks:helix_mobile_server:13.1.1:::::::*
	cpe:2.3:a:realnetworks:helix_mobile_server:14.0.0:::::::*
	cpe:2.3:a:realnetworks:helix_mobile_server:14.0.1:::::::*

History

No history.

Information

Published : 2011-04-04 12:27

Updated : 2023-12-10 11:03

NVD link : CVE-2010-4235

Mitre link : CVE-2010-4235

CVE.ORG link : CVE-2010-4235

JSON object : View

Products Affected

realnetworks

helix_server
helix_mobile_server

CWE

CWE-134

Use of Externally-Controlled Format String

{"id": "CVE-2010-4235", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-04-04T12:27:36.327", "references": [{"url": "http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/47110", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header."}, {"lang": "es", "value": "Vulnerabilidad de formato de cadena en RealNetworks Helix Server v12.x, v13.x, y v14.x antes de v14.2, y Helix Mobile Server v12.x, v13.x, y v14.x antes de 14.2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionado con el encabezado HTTP x-wap-perfil."}], "lastModified": "2011-04-06T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:helix_server:12.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0890EDD4-63FF-43EC-9EC4-852B34E00F51"}, {"criteria": "cpe:2.3:a:realnetworks:helix_server:12.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "572FD8A6-20D8-4639-BFD5-A295E97D8A3A"}, {"criteria": "cpe:2.3:a:realnetworks:helix_server:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DFAFCD3-1B0A-47D3-9A52-F239A2DD5031"}, {"criteria": "cpe:2.3:a:realnetworks:helix_server:13.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CD3D811-1423-4E04-AF4F-040A24942E4E"}, {"criteria": "cpe:2.3:a:realnetworks:helix_server:14.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCA41FC7-3705-4E40-805C-8A82DDF0188F"}, {"criteria": "cpe:2.3:a:realnetworks:helix_server:14.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E39B1E7-515E-49B9-BB32-18D964F723AF"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:helix_mobile_server:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "396EFF05-B05F-46DE-8DF9-930A056B783B"}, {"criteria": "cpe:2.3:a:realnetworks:helix_mobile_server:13.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A146FCCF-85F6-4853-ACA9-10949951AA0E"}, {"criteria": "cpe:2.3:a:realnetworks:helix_mobile_server:14.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD06FC5A-80AB-4A49-8F49-421D871775C1"}, {"criteria": "cpe:2.3:a:realnetworks:helix_mobile_server:14.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EA0E7AC-DEB4-4B41-9AEB-0752447CA6A0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}