CVE-2004-0389

high-risk

Published 2004-06-01

RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.

Do I need to act?

8.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

24010

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (2)

Helix Universal Server

Affected Vendors

Realnetworks

References (8)

Broken Link http://secunia.com/advisories/11395

Broken Link http://www.idefense.com/application/poi/display?id=102&type=vulnerabilities

Broken Link http://www.securityfocus.com/bid/10157

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/15880

Broken Link http://secunia.com/advisories/11395

Broken Link http://www.idefense.com/application/poi/display?id=102&type=vulnerabilities

Broken Link http://www.securityfocus.com/bid/10157

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/15880

/ 100

high-risk

Severity 26/34 · High

Exploitability 17/34 · Moderate

Exposure 7/34 · Low