CVE-2008-4770 - OpenCVE

The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Realvnc	Realvnc

Configuration 1 [-]

OR	cpe:2.3:a:realvnc:realvnc:4.0::free:::::
	cpe:2.3:a:realvnc:realvnc:4.1.2::free:::::
	cpe:2.3:a:realvnc:realvnc:4.4.2::enterprise:::::
	cpe:2.3:a:realvnc:realvnc:e4.0::enterprise:::::
	cpe:2.3:a:realvnc:realvnc:p4.0::personal:::::
	cpe:2.3:a:realvnc:realvnc:p4.4.2::personal:::::

References

Link	Resource
http://secunia.com/advisories/32317
http://secunia.com/advisories/33689
http://secunia.com/advisories/34184
http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1	Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200903-17.xml
http://www.realvnc.com/pipermail/vnc-list/2008-November/059432.html
http://www.realvnc.com/products/free/4.1/release-notes.html
http://www.realvnc.com/products/upgrade.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0261.html
http://www.securityfocus.com/bid/31832
http://www.securityfocus.com/bid/33263
http://www.vupen.com/english/advisories/2008/2868
https://exchange.xforce.ibmcloud.com/vulnerabilities/45969
https://exchange.xforce.ibmcloud.com/vulnerabilities/47937
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9367
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01025.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-01-16T21:00:00

Updated: 2017-09-28T12:57:01

Reserved: 2008-10-28T00:00:00

Link: CVE-2008-4770

JSON object: View

NVD Information

Status : Modified

Published: 2009-01-16T21:30:03.327

Modified: 2017-09-29T01:32:20.743

Link: CVE-2008-4770

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-26T00:00:00", "descriptions": [{"lang": "en", "value": "The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to \"encoding type.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-200903-17", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-17.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.realvnc.com/products/upgrade.html"}, {"name": "FEDORA-2009-1001", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01025.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.realvnc.com/products/free/4.1/release-notes.html"}, {"name": "33689", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33689"}, {"name": "34184", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34184"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1"}, {"name": "248526", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1"}, {"name": "31832", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31832"}, {"name": "realvnc-cmsgreader-code-execution(45969)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45969"}, {"name": "33263", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33263"}, {"name": "32317", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32317"}, {"name": "ADV-2008-2868", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2868"}, {"name": "[vnc-list] 20081126 VNC Viewer Vulnerability CVE-2008-4770", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.realvnc.com/pipermail/vnc-list/2008-November/059432.html"}, {"name": "realvnc-rfb-protocol-code-execution(47937)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47937"}, {"name": "oval:org.mitre.oval:def:9367", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9367"}, {"name": "RHSA-2009:0261", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0261.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4770", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to \"encoding type.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-200903-17", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-17.xml"}, {"name": "http://www.realvnc.com/products/upgrade.html", "refsource": "CONFIRM", "url": "http://www.realvnc.com/products/upgrade.html"}, {"name": "FEDORA-2009-1001", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01025.html"}, {"name": "http://www.realvnc.com/products/free/4.1/release-notes.html", "refsource": "CONFIRM", "url": "http://www.realvnc.com/products/free/4.1/release-notes.html"}, {"name": "33689", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33689"}, {"name": "34184", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34184"}, {"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1", "refsource": "CONFIRM", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1"}, {"name": "248526", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1"}, {"name": "31832", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31832"}, {"name": "realvnc-cmsgreader-code-execution(45969)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45969"}, {"name": "33263", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33263"}, {"name": "32317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32317"}, {"name": "ADV-2008-2868", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2868"}, {"name": "[vnc-list] 20081126 VNC Viewer Vulnerability CVE-2008-4770", "refsource": "MLIST", "url": "http://www.realvnc.com/pipermail/vnc-list/2008-November/059432.html"}, {"name": "realvnc-rfb-protocol-code-execution(47937)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47937"}, {"name": "oval:org.mitre.oval:def:9367", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9367"}, {"name": "RHSA-2009:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-0261.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4770", "datePublished": "2009-01-16T21:00:00", "dateReserved": "2008-10-28T00:00:00", "dateUpdated": "2017-09-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:realvnc:realvnc:4.0:*:free:*:*:*:*:*", "matchCriteriaId": "D33C48F6-27C1-4AA4-A027-71E06E31B53F", "vulnerable": true}, {"criteria": "cpe:2.3:a:realvnc:realvnc:4.1.2:*:free:*:*:*:*:*", "matchCriteriaId": "1D102EDC-3B06-4880-8A93-155562A2B209", "vulnerable": true}, {"criteria": "cpe:2.3:a:realvnc:realvnc:4.4.2:*:enterprise:*:*:*:*:*", "matchCriteriaId": "80F206D4-09C2-478C-A429-C672B635EF10", "vulnerable": true}, {"criteria": "cpe:2.3:a:realvnc:realvnc:e4.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "48BE82EC-F0F2-425C-A7DB-63EFF4A7702E", "vulnerable": true}, {"criteria": "cpe:2.3:a:realvnc:realvnc:p4.0:*:personal:*:*:*:*:*", "matchCriteriaId": "2785BEA3-4A77-4204-92D1-F66140302B2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:realvnc:realvnc:p4.4.2:*:personal:*:*:*:*:*", "matchCriteriaId": "5140685C-E1CF-4B07-82DE-EAD311994E7B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to \"encoding type.\""}, {"lang": "es", "value": "La funci\u00f3n CMsgReader::readRect en el componente VNC Viewer en RealVNC VNC Free Edition v4.0 hasta v4.1.2, Enterprise Edition vE4.0 hasta vE4.4.2, y Personal Edition vP4.0 hasta vP4.4.2 permite a servidores remotos VNC ejecutar c\u00f3digo de su elecci\u00f3n mediante el protocolo de datos RFB manipulado, relacionado con \"tipo codificado\"."}], "id": "CVE-2008-4770", "lastModified": "2017-09-29T01:32:20.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-01-16T21:30:03.327", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32317"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33689"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34184"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-17.xml"}, {"source": "cve@mitre.org", "url": "http://www.realvnc.com/pipermail/vnc-list/2008-November/059432.html"}, {"source": "cve@mitre.org", "url": "http://www.realvnc.com/products/free/4.1/release-notes.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.realvnc.com/products/upgrade.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2009-0261.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31832"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33263"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2868"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45969"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47937"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9367"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01025.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}