AT&T WinVNC Client Buffer Overflow Vulnerability

VNC is the Virtual Network Computing package, a freely available remote administration package designed to allow access to a remote system desktop. It is distributed and maintained by AT&T.

A flaw in the client portion of the package could allow a remote user to execute arbitrary code. It stems from the client's handling of the 'rfbConnFailed' packet, which the server sends to the client during connection and authentication.

This issue allows an attacker to execute code on a remote system, with the privileges of the user of the WinVNC client.
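
Bounds-checked handling of the message named above, as an added example that is not part of the original advisory and is not WinVNC's code. It assumes the RFB 3.3 wire layout (a 4-byte big-endian authentication scheme, where 0 means rfbConnFailed, followed by a 4-byte reason length and the reason text); parse_conn_failed and REASON_MAX are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

#define RFB_CONN_FAILED 0u   /* auth-scheme value meaning "connection failed" */
#define REASON_MAX      255u /* local policy cap (assumption), not a protocol constant */

/* RFB sends multi-byte integers big-endian. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/*
 * Parse the server's authentication-scheme message held in buf[0..len).
 * Returns  1: rfbConnFailed, reason copied to out (NUL-terminated,
 *             non-printable bytes replaced with '?')
 *          0: some other scheme, out left empty
 *         -1: truncated, oversized or otherwise malformed; out left empty
 */
int parse_conn_failed(const unsigned char *buf, size_t len,
                      char *out, size_t out_sz)
{
    uint32_t rlen;
    size_t i;

    if (buf == NULL || out == NULL || out_sz == 0)
        return -1;
    out[0] = '\0';
    if (len < 4)
        return -1;
    if (be32(buf) != RFB_CONN_FAILED)
        return 0;
    if (len < 8)
        return -1;
    rlen = be32(buf + 4);        /* server-controlled: never trust as-is */
    if (rlen > REASON_MAX)       /* reject before any size arithmetic or copy */
        return -1;
    if (rlen > len - 8)          /* claims more bytes than were received */
        return -1;
    if (rlen >= out_sz)          /* must leave room for the terminating NUL */
        return -1;
    for (i = 0; i < rlen; i++) { /* copy and neutralise control characters */
        unsigned char c = buf[8 + i];
        out[i] = (c >= 0x20 && c < 0x7f) ? (char)c : '?';
    }
    out[rlen] = '\0';
    return 1;
}
```

A client reading from a socket would apply the same length checks before receiving the reason bytes, so the server-supplied length never sizes a read into a fixed buffer.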


 

Copyright 2010, SecurityFocus