CVE-2009-0388
First published: Wed Feb 04 2009(Updated: )
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ultravnc Ultravnc | =1.0.5 | |
| Ultravnc Ultravnc | =1.0.2 | |
| Tightvnc Tightvnc | =1.3.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564
- http://www.securityfocus.com/bid/33568
- http://www.coresecurity.com/content/vnc-integer-overflows
- http://secunia.com/advisories/33807
- http://forum.ultravnc.info/viewtopic.php?t=14654
- http://www.vupen.com/english/advisories/2009/0321
- http://www.vupen.com/english/advisories/2009/0322
- https://www.exploit-db.com/exploits/8024
- https://www.exploit-db.com/exploits/7990
- http://www.securityfocus.com/archive/1/500632/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/ultravnc
- canonical/ultravnc ultravnc
- version/ultravnc ultravnc/1.0.5
- version/ultravnc ultravnc/1.0.2
- vendor/tightvnc
- canonical/tightvnc tightvnc
- version/tightvnc tightvnc/1.3.9