Intrusion Prevention

RealNetworks.Helix.Server.NTLM.Authentication.Code.Execution

Description

This indicates an attack attempt to exploit a code-execution vulnerability in Realnetworks Helix Server.
The vulnerability is caused by improper bounds checking in the
NTLM authentication function. By sending a specially crafted HTTP request, a remote attacker could execute arbitrary code on a vulnerable system.

Affected Products

RealNetworks Helix Server version 11.x, 12.x, and 13.x

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the vendor's web site:
http://www.realnetworks.com/helix-support/security-updates.aspx

CVE References

CVE-2010-1317