Intrusion Prevention

Helix.DNA.Server.DESCRIBE.Request.Handle.Buffer.Overflow

Description

This indicates an attack attempt against an integer overflow vulnerability in Helix DNA Server.
The vulnerability is caused by an error when the vulnerable software handles DESCRIBE request. It allows a remote attacker to execute arbitrary code via sending a specially crafted DESCRIBE request with an overly long, invalid LoadTestPassword field.

Affected Products

Real Networks Helix DNA Server 11.1
Real Networks Helix DNA Server 11.0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Update to version 11.1.3 or later.

CVE References

CVE-2006-6026