QwikSec

Security Database

CVE

CWE

Training

CVE-2008-0610

Published: Feb 6, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://sourceforge.net/project/shownotes.php?release_id=571174&group_id=63887

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_CERT-VN

third-party-advisory

x_refsource_SECUNIA

http://forum.ultravnc.info/viewtopic.php?t=11850

x_refsource_CONFIRM

http://ultravnc.svn.sourceforge.net/viewvc/ultravnc/UltraVNC%20Project%20Root/UltraVNC/vncviewer/ClientConnection.cpp?sortby=date&r1=169&r2=168&pathrev=169

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.