This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects an attempt to exploit a buffer overflow vulnerability in VNCViewer.
UltraVNC is a client/server remote access suite that allows remote users to access desktops as if they were local users. It was formerly known as Ultr@VNC.
UltraVNC VNCViewer is affected by a remote buffer-overflow vulnerability because the application fails to properly validate user-supplied string lengths before copying them into static process buffers.
The problem presents itself when an excessively long string value is processed by the 'ClientConnection::NegotiateProtocolVersion()' function of the 'ClientConnection.cpp' source file. An attacker can exploit this issue by sending malicious data to an instance of VNCViewer in 'LISTENING' mode or by enticing a vulnerable user into connecting to a malicious server.
Successful exploit may allow attackers to execute arbitrary code on the affected computer with the privileges of the user running the vulnerable application.