Unrated severityNVD Advisory· Published Apr 4, 2011· Updated Apr 29, 2026

CVE-2010-4235

Description

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.

Affected products

RealNetworks/Helix Server6 versions
cpe:2.3:a:realnetworks:helix_server:12.0.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:realnetworks:helix_server:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:helix_server:12.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:helix_server:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:helix_server:13.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:helix_server:14.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:helix_server:14.0.1:*:*:*:*:*:*:*
RealNetworks/Helix Mobile Server4 versions
cpe:2.3:a:realnetworks:helix_mobile_server:12.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:realnetworks:helix_mobile_server:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:helix_mobile_server:13.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:helix_mobile_server:14.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:helix_mobile_server:14.0.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.real.com/docs/security/SecurityUpdate033111HS.pdfnvdVendor Advisory
www.securityfocus.com/bid/47110nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000