• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

UltraVNC VNCViewer 'ClientConnection.cpp' Remote Buffer Overflow Vulnerability

UltraVNC VNCViewer is affected by a remote buffer-overflow vulnerability because the application fails to properly validate user-supplied string lengths before copying them into static process buffers.

An attacker might leverage this issue to execute arbitrary code on the affected computer with the privileges of the user running the vulnerable application.

UltraVNC 1.0.2 and UltraVNC 104 release candidates released prior to January 25, 2008 are vulnerable to this issue.

NOTE: This issue affects only VNCViewer. The UltraVNC server is not affected.