UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.
[
{
"product": "UltraVNC",
"vendor": "UltraVNC",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
]