UltraVNC ClientConnection Multiple Integer Overflow Vulnerabilities (Win) Network Vulnerability

Summary

This host is running UltraVNC and is prone to Multiple Integer Overflow Vulnerability.

Impact

Successful exploitation will let the attacker execute arbitrary codes in the context of the application and may cause remote code execution to compromise the affected remote system. Impact level: Application/System

Solution

Upgrade to the latest version 1.0.5.4 http://www.uvnc.com/download/1054

Insight

Multiple Integer Overflow due to signedness errors within the functions ClientConnection::CheckBufferSize and ClientConnection::CheckFileZipBufferSize in ClientConnection.cpp file fails to validate user input.

Affected

UltraVNC version prior to 1.0.5.4 on Windows.

References

http://secunia.com/advisories/33794

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-0388
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

DesignWorks Professional '.cct' File BOF Vulnerability
Apple iTunes '.pls' Files Buffer Overflow Vulnerability
Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
BigAnt IM Server HTTP GET Request Buffer Overflow Vulnerability
BarCodeWiz 'BarcodeWiz.dll' ActiveX Control BOF Vulnerability

Take action and discover your vulnerabilities