
UltraVNC Multiple Buffer Overflow Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 5 Feb 2008

RISK: Medium Risk

A vulnerability has been identified in UltraVNC, which could be exploited by attackers to cause a denial of service or take complete control of an affected system.

The issues are caused by a buffer overflow error in [vncviewer/ClientConnection.cpp] and multiple boundary errors within [vncviewer/FileTransfer.cpp] when processing overly long data while vncviewer is running in "LISTENING" mode or connecting to a malicious server. Attackers could exploit these errors to crash a vulnerable viewer or execute arbitrary code.

The errors may also be exploited if a DSM plugin is used, but this requires that the attacker has the encryption key used by vncviewer.
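The class of error described above, a viewer copying an overly long server-supplied field into a fixed-size buffer, is avoided by validating the declared length before copying. The following is an added example, not UltraVNC code; the message layout (4-byte big-endian length followed by text) and every name in it are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum read_status { READ_OK = 0, READ_TRUNCATED = -1, READ_TOO_LONG = -2, READ_BAD_ARG = -3 };

/*
 * Copy a server-supplied text field into a fixed-size viewer buffer.
 * Assumed layout: 4-byte big-endian length, then that many bytes of text.
 * A malicious server controls the declared length, so it is checked against
 * both the bytes actually received and the destination capacity before copying.
 */
int read_server_text(const uint8_t *msg, size_t msg_len, char *out, size_t out_cap)
{
    if (msg == NULL || out == NULL || out_cap == 0)
        return READ_BAD_ARG;
    out[0] = '\0';                    /* never leave stale data on failure */
    if (msg_len < 4)
        return READ_TRUNCATED;

    uint32_t declared = ((uint32_t)msg[0] << 24) | ((uint32_t)msg[1] << 16) |
                        ((uint32_t)msg[2] << 8)  |  (uint32_t)msg[3];

    /* No arithmetic on 'declared', so a value like 0xFFFFFFFF cannot wrap. */
    if (declared > msg_len - 4)
        return READ_TRUNCATED;        /* claims more bytes than were received */
    if (declared >= out_cap)
        return READ_TOO_LONG;         /* would not fit with its terminator */

    memcpy(out, msg + 4, declared);
    out[declared] = '\0';
    return READ_OK;
}

int main(void)
{
    /* Constructed sample: 64 bytes of text declared for a 16-byte buffer. */
    uint8_t msg[4 + 64] = {0, 0, 0, 64};
    char title[16];
    memset(msg + 4, 'A', 64);
    int rc = read_server_text(msg, sizeof msg, title, sizeof title);
    printf("status=%d\n", rc);
    return rc == READ_TOO_LONG ? 0 : 1;
}
```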


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • UltraVNC versions 1.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Apply patch:
http://downloads.sourceforge.net/ultravnc/UltraVNC-Viewer-104-Security-Update-2---Feb-8-2008.zip


Vulnerability Identifier


Source


Related Link