UltraVNC Multiple Buffer Overflow Vulnerabilities
A vulnerability has been identified in UltraVNC, which could be exploited by attackers to cause a denial of service or take complete control of an affected system.
A buffer overflow error in the [vncviewer/ClientConnection.cpp] function and multiple boundary errors within the [vncviewer/FileTransfer.cpp] function when processing overly long data while running vncviewer in "LISTENING" mode or when connecting to a malicious server, which could be exploited by attackers to crash a vulnerable viewer or execute arbitrary code.
This may also be exploited if a DSM plugin is used, but requires that the attacker owns the encryption key used by vncviewer.
- Denial of Service
- Remote Code Execution
System / Technologies affected
- UltraVNC versions 1.x
Before installation of the software, please visit the software manufacturer web-site for more details.