UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer…
Kaspersky·CWE-788·Published 2019-03-08
UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is required to trigger these vulnerabilities. These vulnerabilities have been fixed in revision 1208.
UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is required to trigger these vulnerabilities. These vulnerabilities have been fixed in revision 1208.
UltraVNC, en su revisión 1207, tiene múltiples vulnerabilidades de acceso fuera de límites conectadas al uso incorrecto de la función ClientConnection::Copybuffer en el código VNC del cliente, lo que podría resultar en una ejecución de código. Este ataque parece ser explotable mediante la conectividad de red. Se requiere la interacción del usuario para desencadenar estas vulnerabilidades. Se han solucionado estas vulnerabilidades en la revisión 1208.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 7.5 | 10.0 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| 3.0 | Primary | NVD | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |