CVE-2002-1643
Scores
EPSS
Percentile: 80.6%
CVSS
CVSS Score: 7.5/10
All CVSS Scores
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Vector Breakdown
CVSS (Common Vulnerability Scoring System) vector provides detailed metrics about vulnerability characteristics
CVSS
Attack Vector
Network (N)
Describes how the vulnerability is exploited
Attack Complexity
Low (L)
Describes the conditions beyond the attacker's control
Authentication
None (N)
Describes the level of privileges an attacker must possess
Confidentiality Impact
Partial
Measures the impact to the confidentiality of information
Integrity Impact
Partial
Measures the impact to integrity of a successfully exploited vulnerability
Availability Impact
Partial
Measures the impact to the availability of the impacted component
Description
Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.
Scaner-VS 7 — a modern vulnerability management solution
Sources
Exploits
Recommendations
Source: nvd
Apply a patch from the vendorRealNetworks has provided information about patches for the Helix Universal Server at the following location:http://www.service.real.com/help/faq/security/bufferoverrun12192002.htmlUsers are encouraged to review this information and apply the patch.WorkaroundsDisable access to the Helix Server via HTTPIf patches cannot be applied, limit access to the HTTP service (80/tcp) on the vulnerable systems to trusted systems on the network. Note that this will not prevent internal attackers from exploiting this vulnerability, but can limit exposure. As a general rule, the CERT/CC recommends blocking access to all services that are not explicitly required.
Vulnerable Software (1)
Type: Configuration
Vendor: *
Product: helix_universal_server
Operating System: * * *
{ "cpe_match": [ { "cpe23uri": "cpe:2.3:a:realnetworks:helix_universal_server:9.0:*:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:realnetworks:helix_univ...
{ "cpe_match": [ { "cpe23uri": "cpe:2.3:a:realnetworks:helix_universal_server:9.0:*:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:realnetworks:helix_universal_server:9.0.2.768:*:*:*:*:*:*:*", "vulnerable": true } ], "operator": "OR"}
Source: nvd