Signature Detail
Short Name |
VNC:ULTRA-CLIENT-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
VNC |
Keywords |
UltraVNC VNCViewer 'ClientConnection.cpp' Remote Buffer Overflow |
Release Date |
2012/03/29 |
Update Number |
2108 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
VNC: UltraVNC VNCViewer 'ClientConnection.cpp' Remote Buffer Overflow
This signature detects attempts to exploit a known vulnerability against UltraVNC versions 1.0.2 and 1.0.4 release candidates. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Extended Description
UltraVNC VNCViewer is affected by a remote buffer-overflow vulnerability because the application fails to properly validate user-supplied string lengths before copying them into static process buffers. An attacker might leverage this issue to execute arbitrary code on the affected computer with the privileges of the user running the vulnerable application. UltraVNC 1.0.2 and UltraVNC 104 release candidates released prior to January 25, 2008 are vulnerable to this issue. NOTE: This issue affects only VNCViewer. The UltraVNC server is not affected.
Affected Products
- UltraVNC 1.0.2
- UltraVNC 104 RC6
- UltraVNC 104 RC7
- UltraVNC 104 RC8
References
- BugTraq: 27561
- CVE: CVE-2008-0610