CVE-2010-4235
RealNetworks Helix Server and Helix Mobile Server < 14.2 - Remote Code Execution via x-wap-profile HTTP Header
Title source: llmDescription
Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47110
Vendor Advisory x_refsource_confirm
http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf
Scores
EPSS
0.0415
EPSS Percentile
89.5%
Details
CWE
CWE-134
Status
published
Products (10)
realnetworks/helix_mobile_server
12.0
realnetworks/helix_mobile_server
13.1.1
realnetworks/helix_mobile_server
14.0.0
realnetworks/helix_mobile_server
14.0.1
realnetworks/helix_server
12.0.0
realnetworks/helix_server
12.0.1
realnetworks/helix_server
13.0.0
realnetworks/helix_server
13.1.1
realnetworks/helix_server
14.0.0
realnetworks/helix_server
14.0.1
Published
Apr 04, 2011
Tracked Since
Feb 18, 2026