ID de Prueba:	1.3.6.1.4.1.25623.1.0.900473
Categoría:	Buffer overflow
Título:	TightVNC ClientConnection Multiple Integer Overflow Vulnerabilities - Windows
Resumen:	TightVNC is prone to Multiple Integer Overflow Vulnerability.
Descripción:	Summary: TightVNC is prone to Multiple Integer Overflow Vulnerability. Vulnerability Insight: Multiple Integer Overflow due to signedness errors within the functions ClientConnection::CheckBufferSize and ClientConnection::CheckFileZipBufferSize in ClientConnection.cpp file fails to validate user input. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes in the context of the application and may cause remote code execution to compromise the affected remote system. Affected Software/OS: TightVNC version 1.3.9 and prior on Windows. Solution: Upgrade to the latest version 1.3.10. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0388 BugTraq ID: 33568 http://www.securityfocus.com/bid/33568 Bugtraq: 20090203 CORE-2008-1009 - VNC Multiple Integer Overflows (Google Search) http://www.securityfocus.com/archive/1/500632/100/0/threaded https://www.exploit-db.com/exploits/7990 https://www.exploit-db.com/exploits/8024 http://www.coresecurity.com/content/vnc-integer-overflows http://secunia.com/advisories/33807 http://www.vupen.com/english/advisories/2009/0321 http://www.vupen.com/english/advisories/2009/0322
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.