First published: Fri Mar 01 2019(Updated: )
UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.
Credit: vulnerability@kaspersky.com
Affected Software | Affected Version | How to fix |
---|---|---|
Uvnc Ultravnc | <1.2.2.3 | |
Siemens Sinumerik Access Mymachine\/p2p | <4.8 | |
Siemens Sinumerik Pcu Base Win10 Software\/ipc | <14.00 | |
Siemens Sinumerik Pcu Base Win7 Software\/ipc | <=12.01 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.