CVE Vulnerabilities

CVE-2010-4235

Use of Externally-Controlled Format String

Published: Apr 04, 2011 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Name Vendor Start Version End Version
Helix_server Realnetworks 12.0.0 (including) 12.0.0 (including)
Helix_server Realnetworks 12.0.1 (including) 12.0.1 (including)
Helix_server Realnetworks 13.0.0 (including) 13.0.0 (including)
Helix_server Realnetworks 13.1.1 (including) 13.1.1 (including)
Helix_server Realnetworks 14.0.0 (including) 14.0.0 (including)
Helix_server Realnetworks 14.0.1 (including) 14.0.1 (including)

Potential Mitigations

References