Use of Externally-Controlled Format String

CVE-2010-4235

High

10/10

Summary

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: COMPLETE
Confidentiality Impact: COMPLETE
Availability Impact: COMPLETE

CWE-134 - Use of Externally-Controlled Format String

The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

References

Advisory Timeline

Published Apr 04, 2011

Use of Externally-Controlled Format String

CVE-2010-4235

Summary

CWE-134 - Use of Externally-Controlled Format String

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS