UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.
Advisories
Source ID Title
EUVD EUVD EUVD-2019-17666 UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Kaspersky

Published:

Updated: 2024-09-17T01:16:16.319Z

Reserved: 2019-02-12T00:00:00

Link: CVE-2019-8268

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-03-08T23:29:00.623

Modified: 2024-11-21T04:49:36.873

Link: CVE-2019-8268

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.