10
CVE-2008-4770
- EPSS 4.05%
- Veröffentlicht 16.01.2009 21:30:03
- Zuletzt bearbeitet 16.06.2026 22:58:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.05% | 0.893 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.realvnc.com/products/free/4.1/release-notes.html
http://secunia.com/advisories/32317
http://secunia.com/advisories/33689
http://secunia.com/advisories/34184
http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1
http://www.gentoo.org/security/en/glsa/glsa-200903-17.xml
http://www.realvnc.com/pipermail/vnc-list/2008-November/059432.html
http://www.realvnc.com/products/upgrade.html
http://www.redhat.com/support/errata/RHSA-2009-0261.html
http://www.securityfocus.com/bid/31832
http://www.securityfocus.com/bid/33263
http://www.vupen.com/english/advisories/2008/2868
https://exchange.xforce.ibmcloud.com/vulnerabilities/45969
https://exchange.xforce.ibmcloud.com/vulnerabilities/47937
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9367
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01025.html