10

CVE-2009-0388

Exploit
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TightvncTightvnc Version1.3.9
UltravncUltravnc Version1.0.2
UltravncUltravnc Version1.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.33% 0.959
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://forum.ultravnc.info/viewtopic.php?t=14654
http://secunia.com/advisories/33807
http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564
http://www.coresecurity.com/content/vnc-integer-overflows
Exploit
http://www.securityfocus.com/archive/1/500632/100/0/threaded
http://www.securityfocus.com/bid/33568
Patch
Exploit
http://www.vupen.com/english/advisories/2009/0321
http://www.vupen.com/english/advisories/2009/0322
https://www.exploit-db.com/exploits/7990
https://www.exploit-db.com/exploits/8024