Test Kennung:	1.3.6.1.4.1.25623.1.0.900471
Kategorie:	Buffer overflow
Titel:	UltraVNC ClientConnection Multiple Integer Overflow Vulnerabilities - Windows
Zusammenfassung:	UltraVNC is prone to Multiple Integer Overflow Vulnerability.
Beschreibung:	Summary: UltraVNC is prone to Multiple Integer Overflow Vulnerability. Vulnerability Insight: Multiple Integer Overflow due to signedness errors within the functions ClientConnection::CheckBufferSize and ClientConnection::CheckFileZipBufferSize in ClientConnection.cpp file fails to validate user input. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes in the context of the application and may cause remote code execution to compromise the affected remote system. Affected Software/OS: UltraVNC version prior to 1.0.5.4 on Windows. Solution: Upgrade to the latest version 1.0.5.4. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0388 BugTraq ID: 33568 http://www.securityfocus.com/bid/33568 Bugtraq: 20090203 CORE-2008-1009 - VNC Multiple Integer Overflows (Google Search) http://www.securityfocus.com/archive/1/500632/100/0/threaded https://www.exploit-db.com/exploits/7990 https://www.exploit-db.com/exploits/8024 http://www.coresecurity.com/content/vnc-integer-overflows http://secunia.com/advisories/33807 http://www.vupen.com/english/advisories/2009/0321 http://www.vupen.com/english/advisories/2009/0322
Copyright	Copyright (C) 2009 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.