UltraVNC VNCViewer 'FileTransfer.cpp' Multiple Remote Buffer Overflow Vulnerabilities

UltraVNC VNCViewer 'FileTransfer.cpp' Multiple Remote Buffer Overflow Vulnerabilities

UltraVNC VNCViewer is affected by multiple remote buffer-overflow vulnerabilities because the application fails to properly validate user-supplied string lengths before copying them into static process buffers.

An attacker might leverage these issues to execute arbitrary code on the affected computer with the privileges of the user running the vulnerable application. Failed exploit attempts may lead to a denial-of-service condition.

UltraVNC 1.0.2 and UltraVNC 104 release candidates released prior to February 4, 2008 are vulnerable to these issues.

NOTE: This issue affects only VNCViewer. The UltraVNC server is not affected.