This attack could pose a moderate security threat. It does not require immediate action.
This signature detects an attempt to exploit a buffer overflow in the Real Networks Helix Universal Server.
Helix Universal Server is a multiple type media server distributed and maintained by RealNetworks. It is available for Unix, Linux, and Microsoft Windows platforms.
A problem with Helix Universal Server could make it possible for a remote user to execute arbitrary code.
A buffer overflow has been reported in the Helix Universal Server. Due to insufficient bounds checking on the 'describe'or 'setup' field of a RTSP request, it is possible for a user to exploit a boundry condition error. This could lead to the remote execution of arbitrary code with the privileges of the Helix Universal Server process.
Due to this server running on TCP port 554 on most Windows systems, and the server being installed as a system service, exploitation of this vulnerability would yield SYSTEM privileges on a vulnerable host. Exploitation on Unix systems would yield the privileges of the Universal Server.
- Real Networks Helix Universal Server 9.0