Summary
This host is running TightVNC and is prone to multiple integer overflow vulnerabilities.
Impact
Successful exploitation lets an attacker execute arbitrary code in the context of the application, which may lead to remote code execution and compromise of the affected remote system.
Impact level: Application/System
Solution
Upgrade to the latest version, 1.3.10:
http://www.tightvnc.com/download.html
Insight
Multiple integer overflows are caused by signedness errors in the functions ClientConnection::CheckBufferSize and ClientConnection::CheckFileZipBufferSize in the ClientConnection.cpp file, which fail to validate user input.
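The class of signedness error described above, shown as an added example beside a hardened form. This is not TightVNC's code: the struct, the function names and the MAX_MSG_SIZE ceiling are hypothetical, and the length value is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical receive buffer; names are illustrative, not TightVNC's. */
struct netbuf { char *data; size_t cap; };

#define MAX_MSG_SIZE (16u * 1024u * 1024u)  /* assumed protocol ceiling */

/* Flawed pattern: the peer-supplied length is held in a signed int.
 * Returns 0 when the buffer is judged large enough, -1 on failure. */
int check_size_signed(struct netbuf *b, int wanted)
{
    if (wanted <= (int)b->cap)   /* a negative 'wanted' passes this test */
        return 0;                /* so the buffer keeps its old size */
    char *p = realloc(b->data, (size_t)wanted);
    if (!p) return -1;
    b->data = p; b->cap = (size_t)wanted;
    return 0;
}

/* Hardened form: the length stays unsigned end to end and is capped
 * before any comparison or allocation. */
int check_size_checked(struct netbuf *b, uint32_t wanted)
{
    if (wanted > MAX_MSG_SIZE) return -1;   /* reject oversized lengths */
    if (wanted <= b->cap) return 0;
    char *p = realloc(b->data, wanted);
    if (!p) return -1;
    b->data = p; b->cap = wanted;
    return 0;
}

/* Length that later code would see when it treats the same 32-bit
 * field as unsigned. */
size_t copy_length(int wanted) { return (size_t)(uint32_t)wanted; }

int main(void)
{
    struct netbuf b = { malloc(64), 64 };
    int len = -16;  /* constructed: wire value 0xFFFFFFF0 read as signed */
    printf("signed check: %d, capacity %zu, later length %zu\n",
           check_size_signed(&b, len), b.cap, copy_length(len));
    printf("checked form: %d\n", check_size_checked(&b, 0xFFFFFFF0u));
    free(b.data);
    return 0;
}
```

The signed check reports success while the capacity stays at 64 bytes; the checked form rejects the same value.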
Affected
TightVNC version 1.3.9 and prior on Windows.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-0388
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C