Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-0610
Last Modified: 13 Aug 2012 10:37:00
Published: 06 Feb 2008 07:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-0610

Summary

Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value.

Vulnerable Systems

Application

  • Ultravnc 1.0.2
  • Ultravnc 1.0.4
  • Ultravnc 1.0.4 Rc6
  • Ultravnc 1.0.4 Rc7
  • Ultravnc 1.0.4 Rc8

References

CERT-VN - VU#721460

BID - 27561

SECUNIA - 28747

VUPEN - ADV-2008-0392

SECTRACK - 1019293

CONFIRM - http://ultravnc.svn.sourceforge.net/viewvc/ultravnc/UltraVNC%20Project%20Root/UltraVNC/vncviewer/ClientConnection.cpp?sortby=date&r1=169&r2=168&pathrev=169

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=571174&group_id=63887

CONFIRM - http://forum.ultravnc.info/viewtopic.php?t=11850

EXPLOIT-DB - 18666


Last Updated: 27 May 2016 10:51:38