iDefense Security Advisory 03.31.11 - Remote exploitation of a stack buffer overflow vulnerability in RealNetworks Inc.'s Helix DNA Server could allow an attacker to execute arbitrary code with the privileges of the affected service. The Helix DNA Server contains a vulnerability that can be triggered by an unauthenticated attacker. The vulnerability results due to the parsing of a certain type of Real Time Streaming Protocol (RTSP) request specifying a large string. The vulnerable function may perform a copy operation that results in the bounds of a stack buffer to be overflown. Helix Server and Helix Mobile Server versions 12.x, 13.x and 14.x are vulnerable.
646f9692a4c19c1a67265898df206d806c7f6d3f87eeea396e9dd15496d03dcb