UltraVNC VNCViewer Multiple Buffer Overflow Vulnerabilities - Nov08 Network Vulnerability

Summary

This host is installed with UltraVNC VNCViewer and is prone to Buffer Overflow Vulnerability.

Impact

Successful exploitation allows attackers to execute arbitrary code by tricking a user into connecting to a malicious VNC server or by sending specially crafted data to a vncviewer in LISTENING mode and can even cause denial of service condition. Impact Level: Application

Solution

Upgrade to latest Version or Apply the available patch from below link, http://downloads.sourceforge.net/ultravnc/UltraVNC-Viewer-104-Security-Update-2---Feb-8-2008.zip

Insight

The flaw is due to multiple boundary errors within the vncviewer/FileTransfer.cpp file, while processing malformed data.

Affected

UltraVNC VNCViewer Version 1.0.2 and 1.0.4 before RC11 on Windows (Any).

References

http://secunia.com/advisories/28804
http://sourceforge.net/project/shownotes.php?release_id=571174;group_id=63887
http://www.frsirt.com/english/advisories/2008/0486/products

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-5001

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Abyss httpd DoS
AzeoTech DAQFactory Denial of Service Vulnerability
Asterisk SIP Channel Driver Denial Of Service Vulnerability (Linux)
connect to all open ports
Adobe Reader '.ETD File' Denial of Service Vulnerability (Linux)

Take action and discover your vulnerabilities