Added: 02/20/2009
CVE: CVE-2009-0388
BID: 33568
UltraVNC is free software for remote desktop access.
Multiple integer overflow vulnerabilities in the **ClientConnection**
class allow command execution when a user connects to a VNC server which sends a message with a large length value.
Upgrade to UltraVNC Viewer 1.0.5.4 or higher.
<http://www.securityfocus.com/archive/1/500632>
Exploit works on UltraVNC 1.0.5.3 and requires a user to connect to the exploit server.
Due to the nature of the vulnerability, the success of this exploit may depend on the state of the target system.
Windows