CVE-2009-0388 - Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remo

CVE-2009-0388

Summary

Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.

References

Vulnerable Configurations

cpe:2.3:a:tightvnc:tightvnc:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:tightvnc:tightvnc:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:ultravnc:ultravnc:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ultravnc:ultravnc:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ultravnc:ultravnc:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ultravnc:ultravnc:1.0.5:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 11-10-2018 - 21:01)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	33568
bugtraq	20090203 CORE-2008-1009 - VNC Multiple Integer Overflows
confirm	http://forum.ultravnc.info/viewtopic.php?t=14654 http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564
exploit-db	7990 8024
misc	http://www.coresecurity.com/content/vnc-integer-overflows
secunia	33807
vupen	ADV-2009-0321 ADV-2009-0322

saint via4

bid	33568
description	UltraVNC ClientConnection integer overflow
id	misc_vncview
title	ultravnc_clientconnection_int
type	client

Last major update

11-10-2018 - 21:01

Published

04-02-2009 - 19:30

Last modified

11-10-2018 - 21:01