AT&T WinVNC Server Buffer Overflow Vulnerability

WinVNC is a freely available software package designed to give remote desktop access to servers using the client/server. It is distributed and maintained by AT&T.

A problem with the WinVNC server could allow remote users to arbitrarily execute code. The problem is due to the handling of HTTP requests when a non-zero debug level has been set. HTTP requests are placed into a buffer of 1024 bytes, and when the Windows registry key DebugLevel is set to a value greater than 0, the HTTP request is logged using the method ReallyPrint(), which contains a fixed buffer of 1024 bytes. It is possible to generate a custom crafted HTTP request to the WinVNC server that will overwrite variables on the stack, including the return address.

A malicious user can use this vulnerability to execute arbitrary code with privileges of the WinVNC server process, and potentially gain access to the local system.


Privacy Statement
Copyright 2010, SecurityFocus