UltraVNC VNCViewer Multiple Buffer Overflow Vulnerabilities - Nov08 Network Vulnerability

Summary

This host is installed with UltraVNC VNCViewer and is prone to Buffer Overflow Vulnerability.

Impact

Successful exploitation allows attackers to execute arbitrary code by tricking a user into connecting to a malicious VNC server or by sending specially crafted data to a vncviewer in LISTENING mode and can even cause denial of service condition. Impact Level: Application

Solution

Upgrade to latest Version or Apply the available patch from below link, http://downloads.sourceforge.net/ultravnc/UltraVNC-Viewer-104-Security-Update-2---Feb-8-2008.zip

Insight

The flaw is due to multiple boundary errors within the vncviewer/FileTransfer.cpp file, while processing malformed data.

Affected

UltraVNC VNCViewer Version 1.0.2 and 1.0.4 before RC11 on Windows (Any).

References

http://secunia.com/advisories/28804
http://sourceforge.net/project/shownotes.php?release_id=571174;group_id=63887
http://www.frsirt.com/english/advisories/2008/0486/products

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-5001
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

3com switch2hub
Adobe Flash Player/Air Multiple DoS Vulnerabilities - Aug09 (Linux)
ClamAV Denial of Service Vulnerability (Win)
FlashGet FTP PWD Response Remote Buffer Overflow Vulnerability
ClamAV Multiple Vulnerabilities (Win)

Take action and discover your vulnerabilities