CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Percentile: 98.8%
Added: 02/20/2009
CVE: CVE-2009-0388
BID: 33568
UltraVNC is free software for remote desktop access.
Multiple integer overflow vulnerabilities in the **ClientConnection** class allow command execution when a user connects to a VNC server that sends a message with a large length value.
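The bug class described above, shown from the defensive side as an added example (not UltraVNC's code): a client-side parser that validates a peer-supplied length before doing any arithmetic or allocation with it. The message framing (4-byte big-endian length followed by text), the function names, and the `MAX_TEXT_LEN` cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap on a single text message; not a value from UltraVNC. */
#define MAX_TEXT_LEN (1u << 20)

enum { MSG_OK = 0, MSG_TRUNCATED = -1, MSG_TOO_LARGE = -2, MSG_NOMEM = -3 };

/* Read a 32-bit big-endian length as an unsigned value. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Parse one constructed message: 4-byte length, then that many text bytes.
 * On success *out is a NUL-terminated heap copy the caller must free().
 */
int parse_text_message(const uint8_t *buf, size_t buflen, char **out)
{
    *out = NULL;
    if (buflen < 4)
        return MSG_TRUNCATED;

    uint32_t len = read_be32(buf);

    /* Reject before any arithmetic: with len == 0xFFFFFFFF, a 32-bit
     * "len + 1" wraps to 0 and the later copy overruns a tiny buffer. */
    if (len > MAX_TEXT_LEN)
        return MSG_TOO_LARGE;
    /* The peer must actually have sent the bytes it announced. */
    if ((size_t)len > buflen - 4)
        return MSG_TRUNCATED;

    char *text = malloc((size_t)len + 1); /* cannot wrap: len <= MAX_TEXT_LEN */
    if (text == NULL)
        return MSG_NOMEM;
    memcpy(text, buf + 4, len);
    text[len] = '\0';
    *out = text;
    return MSG_OK;
}
```

Keeping the length unsigned and comparing it against a fixed cap before computing `len + 1` is what prevents the wraparound; a signed length or a check placed after the addition would not.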
Upgrade to UltraVNC Viewer 1.0.5.4 or higher.
<http://www.securityfocus.com/archive/1/500632>
Exploit works on UltraVNC 1.0.5.3 and requires a user to connect to the exploit server.
Due to the nature of the vulnerability, the success of this exploit may depend on the state of the target system.
Windows