CVE-2008-5001
published 2008-11-10CVE-2008-5001: Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in…
PriorityP338critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
5.59%
91.9th percentile
Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified parameters, a different issue than CVE-2008-0610.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ultravnc | ultravnc | — | — |
| ultravnc | ultravnc | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-3787 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-3787 [CRITICAL] CVE-2026-3787 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3787 :
UltraVNC vulnerability analysis and mitigation
A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
## 7.3
Score
Published March 8, 2026
Severity HIGH
CNA Score 7.3
Affected Technologies
UltraVNC
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
A
Wiz
CVE-2026-4962 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-4962 [CRITICAL] CVE-2026-4962 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4962 :
UltraVNC vulnerability analysis and mitigation
A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs to be approached locally. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
## 7.3
Score
Published March 27, 2026
Severity HIGH
CNA Score 7.3
Affected Technologies
UltraVNC
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N
Bugzilla
CVE-2007-5001 kernel asynchronous IO on a FIFO kernel panic
bugzilla·2007-10-10·CVSS 4.9
CVE-2007-5001 [MEDIUM] CVE-2007-5001 kernel asynchronous IO on a FIFO kernel panic
CVE-2007-5001 kernel asynchronous IO on a FIFO kernel panic
Using asynchronous IO on a FIFO causes RHEL 3U9 to kernel panic.
(Does not occur in RHEL 4 as the pipe_write function has been re-written)
This is a security issue because a local unprivileged user can cause a kernel panic.
Reproducer in bz#311621
Discussion:
This issue posted on 2008-06-05 to upstream security list. Reviewed and
confirmed by Don Howard and Josef Bacik, this issue not present in upstream
vanilla 2.4.21 kernel -> lifting the embargo for this one.
---
This was addressed via:
Red Hat Enterprise Linux version 3 (RHSA-2008:0211)
http://forum.ultravnc.info/viewtopic.php?p=45150#45150http://secunia.com/advisories/28804http://sourceforge.net/project/shownotes.php?release_id=571174&group_id=63887http://ultravnc.svn.sourceforge.net/viewvc/ultravnc/UltraVNC%20Project%20Root/UltraVNC/vncviewer/FileTransfer.cpp?view=log#rev183http://www.securityfocus.com/bid/27687http://www.vupen.com/english/advisories/2008/0486http://forum.ultravnc.info/viewtopic.php?p=45150#45150http://secunia.com/advisories/28804http://sourceforge.net/project/shownotes.php?release_id=571174&group_id=63887http://ultravnc.svn.sourceforge.net/viewvc/ultravnc/UltraVNC%20Project%20Root/UltraVNC/vncviewer/FileTransfer.cpp?view=log#rev183http://www.securityfocus.com/bid/27687http://www.vupen.com/english/advisories/2008/0486
2008-11-10
Published