Multiple VNC Clients Multiple Integer Overflow Vulnerabilities

Multiple VNC clients are prone to integer-overflow vulnerabilities because they fail to properly validate data supplied by the VNC server.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

The following are vulnerable to these issues;

UltraVNC prior to 1.0.5.4
TightVNC prior to 1.3.10

Other VNC applications may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus