CVE-2009-2533

RealNetworks Helix Server <13.0.0 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2533. PoCs published by Core Security.

AI-analyzed exploit summary The exploit demonstrates two DoS vulnerabilities in Real Helix DNA Server (CVE-2009-2533 and CVE-2009-2534) by sending malformed RTSP requests. The first PoC sends multiple SET_PARAMETER requests with an empty DataConvertBuffer, while the second sends a malformed SETUP request missing the 0x2F character.

Description

rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textdosmultiple

https://www.exploit-db.com/exploits/9198

View Code ZIP pw:eip

The exploit demonstrates two DoS vulnerabilities in Real Helix DNA Server (CVE-2009-2533 and CVE-2009-2534) by sending malformed RTSP requests. The first PoC sends multiple SET_PARAMETER requests with an empty DataConvertBuffer, while the second sends a malformed SETUP request missing the 0x2F character.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Helix Server Version 12.x, Helix Mobile Server Version 12.x

No auth needed

Prerequisites: Network access to the target server on port 554 (RTSP)

MITRE ATT&CK