UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory |
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error/ | Third Party Advisory |
https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Kaspersky
Published: 2019-03-01T00:00:00
Updated: 2020-06-12T20:52:16
Reserved: 2019-02-12T00:00:00
Link: CVE-2019-8268
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-03-08T23:29:00.623
Modified: 2020-10-19T17:56:30.103
Link: CVE-2019-8268
JSON object: View
Redhat Information
No data.
CWE