CVE-2010-1319 - Vulnerability Details - OpenCVE

Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Realnetworks	Helix Mobile Server Helix Server Helix Server Mobile

Configuration 1 [-]

OR	cpe:2.3:a:realnetworks:helix_mobile_server::::::::
	cpe:2.3:a:realnetworks:helix_server::::::::
	cpe:2.3:a:realnetworks:helix_server:11.0:::::::*
	cpe:2.3:a:realnetworks:helix_server:11.1:::::::*
	cpe:2.3:a:realnetworks:helix_server:12.0.0:::::::*
	cpe:2.3:a:realnetworks:helix_server:12.0.1:::::::*
	cpe:2.3:a:realnetworks:helix_server_mobile:11.0:::::::*
	cpe:2.3:a:realnetworks:helix_server_mobile:12.0.0:::::::*
	cpe:2.3:a:realnetworks:helix_server_mobile:13.0.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/39279
http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf
http://www.securityfocus.com/bid/39490
http://www.vupen.com/english/advisories/2010/0889

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-04-20T15:00:00Z

Updated: 2024-09-16T19:35:45.217Z

Reserved: 2010-04-08T00:00:00Z

Link: CVE-2010-1319

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-04-20T15:30:00.677

Modified: 2024-11-21T01:14:07.967

Link: CVE-2010-1319

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-04-20T15:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "39490", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/39490"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"}, {"name": "39279", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39279"}, {"name": "ADV-2010-0889", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0889"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1319", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "39490", "refsource": "BID", "url": "http://www.securityfocus.com/bid/39490"}, {"name": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf", "refsource": "CONFIRM", "url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"}, {"name": "39279", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39279"}, {"name": "ADV-2010-0889", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0889"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:21:19.033Z"}, "title": "CVE Program Container", "references": [{"name": "39490", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/39490"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"}, {"name": "39279", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39279"}, {"name": "ADV-2010-0889", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0889"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1319", "datePublished": "2010-04-20T15:00:00Z", "dateReserved": "2010-04-08T00:00:00Z", "dateUpdated": "2024-09-16T19:35:45.217Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:helix_mobile_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BBC0E44-FDAD-43F5-8873-0EEF172E4F87", "versionEndIncluding": "13.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "91022AB5-4163-4BC4-BF9D-173391FFABA2", "versionEndIncluding": "13.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_server:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A30A2490-21FC-4C0D-80A3-B89E6F58E93A", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_server:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "2954F6FF-357E-4E76-B135-DECDED4241B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_server:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0890EDD4-63FF-43EC-9EC4-852B34E00F51", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_server:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "572FD8A6-20D8-4639-BFD5-A295E97D8A3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_server_mobile:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "74F01F2C-036C-4B6E-B66D-F0870801D397", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_server_mobile:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4CB773CC-C81C-424A-9493-4CAD2E0E8262", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_server_mobile:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F8EAA7F-6191-4B5B-AE3C-335C6D5897E1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length."}, {"lang": "es", "value": "Un desbordamiento de enteros en la funci\u00f3n AgentX::receive_agentx en AgentX++ versi\u00f3n 1.4.16, tal y como es usado en RealNetworks Helix Server y Helix Mobile Server versi\u00f3n 11.x hasta 13.x y otros productos, permite que los atacantes remotos ejecuten c\u00f3digo arbitrario por medio de una petici\u00f3n con una longitud de una carga \u00fatil creada."}], "id": "CVE-2010-1319", "lastModified": "2024-11-21T01:14:07.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-04-20T15:30:00.677", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39279"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/39490"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0889"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39279"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/39490"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0889"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}