Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0610 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ultravnc

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents4 sources

Severity

9.3CRITICALNVD

EPSS

74.8%

top 1.13%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Ultravnc

Timeline

PublishedFeb 6

Latest updateMay 17

Description

Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDultravnc/ultravnc5 versions+4

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-fggx-77cq-hgm9: Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer↗2022-05-17

▶

GHSA

GHSA-vm88-xwrf-p2q7: Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

UltraVNC 1.0.2 Client - 'vncviewer.exe' Remote Buffer Overflow (Metasploit)↗2012-03-26

▶

Metasploit

UltraVNC 1.0.2 Client (vncviewer.exe) Buffer Overflow↗

▶