CVE-2006-6026

Public Exploit

Description

Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field.

References

Link	Tags
http://gleg.net/helix.txt
https://www.exploit-db.com/exploits/3531	exploit
http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html	mailing list
http://www.securityfocus.com/archive/1/463333/100/0/threaded	mailing list
http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml
http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf
http://www.securityfocus.com/bid/23068	vdb entry
http://www.securityfocus.com/bid/21141	vdb entry
http://secunia.com/advisories/22944	third party advisory vendor advisory
http://www.vupen.com/english/advisories/2007/1056	vdb entry vendor advisory
http://www.attrition.org/pipermail/vim/2007-March/001459.html	mailing list
http://www.attrition.org/pipermail/vim/2007-March/001468.html	mailing list

Frequently Asked Questions

What is the severity of CVE-2006-6026?: CVE-2006-6026 has been scored as a critical severity vulnerability.
How to fix CVE-2006-6026?: To fix CVE-2006-6026, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2006-6026 being actively exploited in the wild?: It is possible that CVE-2006-6026 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~39% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions