J-Security Center

Title: AT&T WinVNC Server Buffer Overflow Vulnerability

Severity: HIGH

Description:

WinVNC is a freely available software package designed to give remote desktop access to servers using a client/server model. It is distributed and maintained by AT&T.

A flaw in the WinVNC server could allow remote users to execute arbitrary code. The problem lies in the handling of HTTP requests when a non-zero debug level has been set. HTTP requests are placed into a buffer of 1024 bytes, and when the Windows registry key DebugLevel is set to a value greater than 0, the HTTP request is logged using the method ReallyPrint(), which contains a fixed buffer of 1024 bytes. A specially crafted HTTP request to the WinVNC server can overwrite variables on the stack, including the return address.

A malicious user can use this vulnerability to execute arbitrary code with the privileges of the WinVNC server process, and potentially gain access to the local system.
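The logging pattern described above, as an added C example that is not WinVNC source code: the function names and the "HTTP request: %s" log prefix are assumptions, and only the two 1024-byte buffer sizes come from the advisory. It shows why a full request buffer no longer fits once the logger adds its own text, and the bounded form that truncates instead.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define REQ_BUF 1024 /* HTTP request buffer size stated in the advisory */
#define LOG_BUF 1024 /* fixed logging buffer size stated in the advisory */

/* Bytes (excluding the NUL) that the formatted log line would need. */
int log_len_needed(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return n;
}

/* Unsafe pattern, shown for comparison and never called here:
 * unbounded formatting into a fixed stack buffer. */
void log_unbounded(const char *fmt, ...)
{
    char line[LOG_BUF];
    va_list ap;
    va_start(ap, fmt);
    vsprintf(line, fmt, ap); /* writes past line[] once output >= LOG_BUF */
    va_end(ap);
    fputs(line, stderr);
}

/* Hardened pattern: bounded formatting; returns 1 if the line was cut. */
int log_bounded(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n < 0 || (size_t)n >= outsz;
}

/* Constructed input: a request that exactly fills the request buffer. */
int demo_truncated(void)
{
    char req[REQ_BUF], line[LOG_BUF];
    memset(req, 'A', sizeof req - 1);
    req[sizeof req - 1] = '\0';
    int need = log_len_needed("HTTP request: %s\n", req);
    int cut = log_bounded(line, sizeof line, "HTTP request: %s\n", req);
    printf("need %d bytes, buffer %d, truncated=%d\n", need, LOG_BUF, cut);
    return cut;
}

int main(void) { return demo_truncated() ? 0 : 1; }
```

A request that is itself within the 1024-byte request buffer still exceeds the equally sized log buffer once any prefix is added, which is why the bound has to be enforced at the formatting call rather than assumed from the input size.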

Affected Products:

  • AT&T WinVNC Server 3.3.3 r7
