HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2010-4235

CVSS 10.0v2.0pub. 2011-04-04upd. 2026-04-29

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Realnetworks Helix Mobile Server

    APP
    Realnetworks
    12.013.1.114.0.014.0.1
  • Realnetworks Helix Server

    APP
    Realnetworks
    12.0.012.0.113.0.013.1.114.0.014.0.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2012-0942HIGH7.5ten sam produkt

Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows ...

CVE-2010-4596HIGH9.3ten sam produkt

Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Se...

CVE-2010-1319HIGH10.0ten sam produkt

Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Serv...

CVE-2010-1317HIGH7.5ten sam produkt

Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mob...

CVE-2010-1318HIGH10.0ten sam produkt

Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks...