CVE-2006-6026 - Crackers Carpetmuncher
Description
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3 and Helix DNA Server 11.0 and 11.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field.
Reference
http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml
http://www.securityfocus.com/bid/21141
http://secunia.com/advisories/22944
http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html
http://gleg.net/helix.txt
http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf
http://www.attrition.org/pipermail/vim/2007-March/001459.html
http://www.attrition.org/pipermail/vim/2007-March/001468.html
http://www.securityfocus.com/bid/23068
http://www.vupen.com/english/advisories/2007/1056
https://www.exploit-db.com/exploits/3531
http://www.securityfocus.com/archive/1/463333/100/0/threaded