UltraVNC ClientConnection Multiple Integer Overflow Vulnerabilities (Win)

Summary
This host is running UltraVNC and is prone to multiple integer overflow vulnerabilities.
Impact
Successful exploitation lets an attacker execute arbitrary code in the context of the application and may result in remote code execution that compromises the affected remote system. Impact level: Application/System
Solution
Upgrade to the latest version, 1.0.5.4: http://www.uvnc.com/download/1054
Insight
Multiple integer overflows are caused by signedness errors in the functions ClientConnection::CheckBufferSize and ClientConnection::CheckFileZipBufferSize in the file ClientConnection.cpp, which fail to validate user input.
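The class of bug named above, a signedness error in a buffer-size check, is shown in the added example below next to a hardened form. It is an illustration written for this page, not UltraVNC source code; the struct, the function names and the MAX_MSG ceiling are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical receive buffer; every name here is illustrative. */
struct netbuf { char *data; size_t cap; };
#define MAX_MSG (16u * 1024u * 1024u) /* assumed protocol ceiling */

/* Flawed pattern: the peer-supplied length is held in a signed int.
 * A negative value satisfies "capacity is already enough", so the
 * buffer is not grown. Returns 1 when the request is accepted. */
static int check_size_signed(struct netbuf *b, int32_t want)
{
    if ((int64_t)b->cap >= want)      /* negative 'want' always passes */
        return 1;
    char *p = realloc(b->data, (size_t)want);
    if (!p) return 0;
    b->data = p; b->cap = (size_t)want;
    return 1;
}

/* Length a later read/copy call sees once the accepted signed
 * value is converted to size_t. */
static size_t copy_len_after_accept(int32_t want) { return (size_t)want; }

/* Hardened: keep the length unsigned, enforce a ceiling, then grow. */
static int check_size_checked(struct netbuf *b, uint32_t want)
{
    if (want > MAX_MSG) return 0;     /* reject before any allocation */
    if (b->cap >= want) return 1;
    char *p = realloc(b->data, want);
    if (!p) return 0;
    b->data = p; b->cap = want;
    return 1;
}

int main(void)
{
    struct netbuf b = { malloc(64), 64 };
    int32_t len = -16; /* constructed: wire value 0xFFFFFFF0 read as signed */
    printf("signed check accepts: %d, capacity stays %zu, later copy length %zu\n",
           check_size_signed(&b, len), b.cap, copy_len_after_accept(len));
    printf("checked version accepts: %d\n", check_size_checked(&b, 0xFFFFFFF0u));
    free(b.data);
    return 0;
}
```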
Affected
UltraVNC versions prior to 1.0.5.4 on Windows.

Updated on 2017-03-28