Vulnerability Description
Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RealNetworks | Helix Universal Server | 9.0 |
References
- http://www.kb.cert.org/vuls/id/974689 (Patch, Third Party Advisory, US Government Resource)
- http://www.nextgenss.com/advisories/realhelix.txt (Vendor Advisory)
- http://www.securityfocus.com/archive/1/304203 (Vendor Advisory)
- http://www.securityfocus.com/bid/6454 (Exploit, Patch)
- http://www.securityfocus.com/bid/6456 (Patch)
- http://www.securityfocus.com/bid/6458 (Patch)
- http://www.service.real.com/help/faq/security/bufferoverrun12192002.html (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10915
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10916
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10917
FAQ
What is CVE-2002-1643?
CVE-2002-1643 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE...
How severe is CVE-2002-1643?
CVE-2002-1643 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-1643?
Check the references section above for vendor advisories and patch information. Affected products include: RealNetworks Helix Universal Server.