Detections
Analytics

UltraVNC Viewer < 1.0.5.4 Multiple Integer Overflows

critical Nessus Plugin ID 35608

Synopsis

The remote Windows host has an application that is affected by multiple integer overflows.

Description

The installed version of UltraVNC Viewer is earlier than 1.0.5.4. Such versions reportedly miscalculate a buffer size on the heap. If an attacker can trick a user on the remote host into connecting to a malicious server, the attacker can probably exploit this issue using specially crafted messages to execute code on the affected host subject to the user's privileges.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to UltraVNC 1.0.5.4 or later.

See Also

http://www.coresecurity.com/content/vnc-integer-overflows

https://www.securityfocus.com/archive/1/500632/30/0/threaded

http://www.uvnc.com/download/1054/

Plugin Details

Severity: Critical

ID: 35608

File Name: ultravnc_1_0_5_4.nasl

Version: 1.12

Type: local

Agent: windows

Family: Windows

Published: 2/6/2009

Updated: 9/16/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2009-0388

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ultravnc:ultravnc

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-0388

BID: 33568

CWE: 189