CVE-2010-1319 | Vulnerability Database | Aqua Security

Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length.

Affected Software

Name	Vendor	Start Version	End Version
Helix_mobile_server	Realnetworks	*	13.1.1 (including)
Helix_server	Realnetworks	*	13.1.1 (including)
Helix_server	Realnetworks	11.0 (including)	11.0 (including)
Helix_server	Realnetworks	11.1 (including)	11.1 (including)
Helix_server	Realnetworks	12.0.0 (including)	12.0.0 (including)
Helix_server	Realnetworks	12.0.1 (including)	12.0.1 (including)
Helix_server_mobile	Realnetworks	11.0 (including)	11.0 (including)
Helix_server_mobile	Realnetworks	12.0.0 (including)	12.0.0 (including)
Helix_server_mobile	Realnetworks	13.0.0 (including)	13.0.0 (including)

References

http://secunia.com/advisories/39279
http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf
http://www.securityfocus.com/bid/39490
http://www.vupen.com/english/advisories/2010/0889

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-1319
CWE	https://cwe.mitre.org/data/definitions/189.html