cbcvebase.
CVE-2019-8263
published 2019-03-05

Priority: P431, medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 2.48% (82.6th percentile)

UltraVNC revision 1205 has a stack-based buffer overflow vulnerability in the VNC client code inside the ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206.

Affected

5 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kaspersky_lab | ultravnc | | |
| siemens | sinumerik_access_mymachine_p2p | < 4.8 | 4.8 |
| siemens | sinumerik_pcu_base_win10_software_ipc | < 14.00 | 14.00 |
| siemens | sinumerik_pcu_base_win7_software_ipc | <= 12.01 | |
| uvnc | ultravnc | < 1.2.2.3 | 1.2.2.3 |

CVSS provenance

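| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |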