UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory |
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-019-ultravnc-off-by-one-error/ | Third Party Advisory |
https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Kaspersky
Published: 2019-03-01T00:00:00
Updated: 2020-06-12T20:54:20
Reserved: 2019-02-12T00:00:00
Link: CVE-2019-8272
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-03-08T23:29:00.763
Modified: 2020-10-22T16:46:48.113
Link: CVE-2019-8272
JSON object: View
Redhat Information
No data.
CWE