Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4770

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4770
Last Modified 21 Aug 2010 01:25:13
Published 16 Jan 2009 04:30:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4770

Summary

The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."

Vulnerable Systems

Application

  • Realvnc 4.0

  • Realvnc 4.1.2

  • Realvnc 4.4.2

  • Realvnc E4.0

  • Realvnc P4.0

  • Realvnc P4.4.2


References

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1

FEDORA - FEDORA-2009-1001

XF - realvnc-rfb-protocol-code-execution(47937)

XF - realvnc-cmsgreader-code-execution(45969)

VUPEN - ADV-2008-2868

BID - 33263

BID - 31832

REDHAT - RHSA-2009:0261

CONFIRM - http://www.realvnc.com/products/upgrade.html

CONFIRM - http://www.realvnc.com/products/free/4.1/release-notes.html

MLIST - [vnc-list] 20081126 VNC Viewer Vulnerability CVE-2008-4770

GENTOO - GLSA-200903-17

SUNALERT - 248526

SECUNIA - 34184

SECUNIA - 33689

SECUNIA - 32317


Last Updated: 27 May 2016 10:48:37