Helix.DNA.Server.DESCRIBE.Request.Handle.Buffer.Overflow
Description
This indicates an attack attempt against an integer overflow vulnerability in Helix DNA Server.
The vulnerability is caused by an error when the vulnerable software handles DESCRIBE request. It allows a remote attacker to execute arbitrary code via sending a specially crafted DESCRIBE request with an overly long, invalid LoadTestPassword field.
Affected Products
Real Networks Helix DNA Server 11.1
Real Networks Helix DNA Server 11.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Update to version 11.1.3 or later.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2018-10-16 | 13.473 | Sig Added |