VNC: UltraVNC VNCViewer 'ClientConnection.cpp' Remote Buffer Overflow
This signature detects attempts to exploit a known vulnerability against UltraVNC versions 1.0.2 and 1.0.4 release candidates. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Extended Description
UltraVNC VNCViewer is affected by a remote buffer-overflow vulnerability because the application fails to properly validate user-supplied string lengths before copying them into static process buffers. An attacker might leverage this issue to execute arbitrary code on the affected computer with the privileges of the user running the vulnerable application. UltraVNC 1.0.2 and UltraVNC 104 release candidates released prior to January 25, 2008 are vulnerable to this issue. NOTE: This issue affects only VNCViewer. The UltraVNC server is not affected.
Affected Products
Ultravnc ultravnc
Short Name
VNC:ULTRA-CLIENT-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
VNC
Keywords
'ClientConnection.cpp' Buffer CVE-2008-0610 Overflow Remote UltraVNC VNCViewer bid:27561
Release Date
03/29/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Ultravnc
CVSS Score
9.3