[Original text] Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes".
RealNetworks Helix DNA Server User-Agent HTTP Header Overflow
Remote / Network Access
Loss of Integrity
A remote overflow exists in RealNetworks Helix DNA Server. The Helix DNA Server fails to handle RTSP requests with a malformed 'User-Agent' header, resulting in a heap overflow. With a specially crafted request, an attacker may be able to execute arbitrary code, resulting in a loss of integrity.
Upgrade to version 11.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.