RealNetworks Helix Universal Server Version 9.0 contains multiple buffer overflow vulnerabilities that may allow a remote attacker to execute arbitrary code. On Windows systems, the server is installed by default as a system service. As a result, any arbitrary code that is run does so with system permissions. Unless customized, a Helix server running on a Unix box likely has root privileges, which is granted to any inserted code.
The first vulnerability occurs when an exceptionally long character string is inserted in the Transport field of a SETUP RTSP request to a Helix server. The long string may overwrite the buffer, allowing a remote attacker to execute code.
The second vulnerability occurs when a long URL is supplied to the Describe field and it overwrites the buffer, allowing the execution of code.
The third vulnerability occurs when two identical HTTP requests containing long URIs are sent to a Helix server. The first session hangs while the server processes the long address. The buffer is overwritten when the second identical request is received. A remote attacker may be able to execute code inserted into the URI.
An update is available.