CVE-2009-0388
First published: Wed Feb 04 2009(Updated: )
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TightVNC | =1.3.9 | |
| UltraVNC | =1.0.2 | |
| UltraVNC | =1.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564
- http://www.securityfocus.com/bid/33568
- http://www.coresecurity.com/content/vnc-integer-overflows
- http://secunia.com/advisories/33807
- http://forum.ultravnc.info/viewtopic.php?t=14654
- http://www.vupen.com/english/advisories/2009/0321
- http://www.vupen.com/english/advisories/2009/0322
- https://www.exploit-db.com/exploits/8024
- https://www.exploit-db.com/exploits/7990
- http://www.securityfocus.com/archive/1/500632/100/0/threaded
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/event
- vendor/tightvnc
- canonical/tightvnc
- version/tightvnc/1.3.9
- vendor/ultravnc
- canonical/ultravnc
- version/ultravnc/1.0.2
- version/ultravnc/1.0.5