Summary
This host has RealVNC VNC Viewer installed and is prone to security vulnerability.
The flaw is due to error in 'CMsgReader::readRect()' function in common/rfb/CMsgReader.cxx processing encoding types, and is exploited by sending specially crafted messages to the application.
Impact
Successful exploitation will allow execution of arbitrary code when user connects to a malicious server.
Impact Level: Application
Solution
Update to version 4.1.3
http://www.realvnc.com/products/download.html
Affected
RealVNC VNC Free Edition version prior to 4.1.3
References
Severity
Classification
-
CVE CVE-2008-4770 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- FlashGet FTP PWD Response Remote Buffer Overflow Vulnerability
- Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Win)
- Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
- Foxit Reader Multiple Denial of Service Vulnerabilities - Jun09
- Aast! Antivirus 'aavmker4.sys' Denial Of Service Vulnerability (Win)