1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: UltraVNC VNCViewer CVE-2008-0610

Attack: UltraVNC VNCViewer CVE-2008-0610

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a buffer overflow vulnerability in VNCViewer.

Additional Information

UltraVNC is a client/server remote access suite that allows remote users to access desktops as if they were local users. It was formerly known as Ultr@VNC.

UltraVNC VNCViewer is affected by a remote buffer-overflow vulnerability because the application fails to properly validate user-supplied string lengths before copying them into static process buffers.

The problem presents itself when an excessively long string value is processed by the 'ClientConnection::NegotiateProtocolVersion()' function of the 'ClientConnection.cpp' source file. An attacker can exploit this issue by sending malicious data to an instance of VNCViewer in 'LISTENING' mode or by enticing a vulnerable user into connecting to a malicious server.

Successful exploit may allow attackers to execute arbitrary code on the affected computer with the privileges of the user running the vulnerable application.

Affected

  • UltraVNC VNCViewer 1.0.2
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube