UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.
2019-03-08T23:29:00.623
2024-11-21T04:49:36.873
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | uvnc | ultravnc | < 1.2.2.3 | Yes |
| Application | siemens | sinumerik_access_mymachine\/p2p | < 4.8 | Yes |
| Application | siemens | sinumerik_pcu_base_win10_software\/ipc | < 14.00 | Yes |
| Application | siemens | sinumerik_pcu_base_win7_software\/ipc | ≤ 12.01 | Yes |