UltraVNC Multiple Buffer Overflow Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in UltraVNC, which could be exploited by attackers to cause a denial of service or take complete control of an affected system.
A buffer overflow error in [vncviewer/ClientConnection.cpp] and multiple boundary errors within [vncviewer/FileTransfer.cpp] occur when overly long data is processed while vncviewer is running in "LISTENING" mode or is connecting to a malicious server. Attackers could exploit these errors to crash a vulnerable viewer or execute arbitrary code.
The vulnerabilities may also be exploited if a DSM plugin is used, but this requires the attacker to possess the encryption key used by vncviewer.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- UltraVNC versions 1.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
Apply patch:
http://downloads.sourceforge.net/ultravnc/UltraVNC-Viewer-104-Security-Update-2---Feb-8-2008.zip
Vulnerability Identifier
Source
Related Link