RealVNC VNC Viewer Remote Code Execution Vulnerability (Linux) Network Vulnerability

Summary

This host has RealVNC VNC Viewer installed and is prone to security vulnerability. The flaw is due to error in 'CMsgReader::readRect()' function in common/rfb/CMsgReader.cxx processing encoding types, and is exploited by sending specially crafted messages to the application.

Impact

Successful exploitation will allow execution of arbitrary code when user connects to a malicious server. Impact Level: Application

Solution

Update to version 4.1.3 http://www.realvnc.com/products/download.html

Affected

RealVNC VNC Free Edition version prior to 4.1.3 on all running platform

References

http://secunia.com/advisories/32317/
http://www.realvnc.com/products/free/4.1/release-notes.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4770
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ClamAV Denial of Service Vulnerability (Linux)
Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Linux)
Asterisk PBX SDP Header Overflow Vulnerability
AppSocket DoS
Colasoft Capsa Malformed SNMP V1 Packet Remote Denial of Service Vulnerability

Take action and discover your vulnerabilities