CVE-2009-2534

RealNetworks Helix Server <13.0.0 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2534. PoCs published by Core Security.

AI-analyzed exploit summary The exploit demonstrates two DoS vulnerabilities in Real Helix DNA Server (CVE-2009-2533 and CVE-2009-2534) by sending malformed RTSP requests. The first PoC sends multiple SET_PARAMETER requests with an empty DataConvertBuffer, while the second sends a malformed SETUP request missing the 0x2F character.

Description

RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textdosmultiple

https://www.exploit-db.com/exploits/9198

View Code ZIP pw:eip

The exploit demonstrates two DoS vulnerabilities in Real Helix DNA Server (CVE-2009-2533 and CVE-2009-2534) by sending malformed RTSP requests. The first PoC sends multiple SET_PARAMETER requests with an empty DataConvertBuffer, while the second sends a malformed SETUP request missing the 0x2F character.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Helix Server Version 12.x, Helix Mobile Server Version 12.x

No auth needed

Prerequisites: Network access to the target server on port 554 (RTSP)

MITRE ATT&CK