CVE-2009-0388
CVE-2009-0388
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/8024unverifiedcve_referencewww.exploit-db.com/exploits/7990unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://forum.ultravnc.info/viewtopic.php?t=14654http://secunia.com/advisories/33807https://www.exploit-db.com/exploits/7990https://www.exploit-db.com/exploits/8024http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564http://www.coresecurity.com/content/vnc-integer-overflowshttp://www.securityfocus.com/archive/1/500632/100/0/threadedhttp://www.securityfocus.com/bid/33568http://www.vupen.com/english/advisories/2009/0321http://www.vupen.com/english/advisories/2009/0322