CVE-2019-8277

First published: Fri Mar 08 2019(Updated: )

UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

Credit: vulnerability@kaspersky.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/type
• agent/last-modified-date
• agent/first-publish-date
• collector/ics-cert-advisory
• source/ICS
• agent/software-canonical-lookup
• agent/weakness
• agent/author
• agent/references
• agent/severity
• agent/description
• agent/event
• agent/software-canonical-lookup-request
• agent/softwarecombine
• agent/tags
• collector/mitre-cve
• source/MITRE
• vendor/uvnc
• canonical/uvnc ultravnc
• vendor/siemens
• canonical/siemens sinumerik access mymachine\/p2p
• canonical/siemens sinumerik pcu base win10 software\/ipc
• canonical/siemens sinumerik pcu base win7 software\/ipc
• version/siemens sinumerik pcu base win7 software\/ipc/12.01
• canonical/siemens sinamics gh150
• canonical/siemens sinamics sh150
• canonical/siemens sinamics sl150
• canonical/siemens sinamics sm120
• canonical/siemens sinamics sm150
• canonical/siemens sinamics sm150i
• canonical/siemens simatic hmi comfort outdoor panels 7’ and 15’ (incl. siplus variants) update 4
• canonical/siemens simatic hmi comfort panels 4’to 22’ (incl. siplus variants) update 4
• canonical/siemens simatic hmi ktp mobile panels ktp400f, ktp700, ktp700f, ktp900, and ktp900f update 4
• canonical/siemens simatic wincc runtime advanced update 4