PT-2009-1012 · RealVNC · VNC Free Edition, VNC Enterprise Edition, VNC Personal Edition (VNC Viewer)

Published

2009-01-16

·

Updated

2022-06-10

·

CVE-2008-4770

CVSS v2.0

10.0

High

Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
RealVNC VNC Free Edition versions 4.0 through 4.1.2
RealVNC VNC Enterprise Edition versions E4.0 through E4.4.2
RealVNC VNC Personal Edition versions P4.0 through P4.4.2
Description The vulnerability is in the CMsgReader::readRect function of the VNC Viewer component. In the RFB protocol the server controls the encoding-type field of every rectangle in a FramebufferUpdate message, and the affected viewers use that server-supplied value without adequately validating it. A malicious or compromised VNC server can therefore send crafted RFB protocol data that executes arbitrary code in the viewer. Note the direction of the attack: the victim is the client that connects to a hostile server, not the server itself, and the only precondition is that a vulnerable viewer connects to a server under the attacker's control. Successful exploitation compromises the confidentiality, integrity and availability of the host running the viewer.
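The following is an added illustration of the class of check the description refers to; it is not RealVNC's code. It parses an RFB FramebufferUpdate message (RFC 6143, section 7.6.1: message type, padding, rectangle count, then per rectangle x, y, w, h as U16 and a signed 32-bit encoding type) on the viewer side and shows a decoder table indexed by the encoding number. The inner dispatch() trusts its argument, which is the unsafe pattern; dispatch_checked() adds the range and NULL checks before the lookup. The table size, the 32-bpp pixel format and the decoder stubs are assumptions made for the example, and the message builder produces constructed test input, not captured traffic.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative viewer-side handling of an RFB FramebufferUpdate (RFC 6143 7.6.1).
 * Not RealVNC code. BYTES_PER_PIXEL and ENCODING_MAX are assumptions for the example. */
#define BYTES_PER_PIXEL 4   /* assumed: a 32-bpp pixel format was negotiated earlier */
#define ENCODING_MAX    16  /* assumed: ZRLE (16) is the last slot of the table */

/* A decoder consumes the rectangle's payload and returns bytes consumed, or -1. */
typedef long (*decoder_fn)(const uint8_t *data, size_t avail, uint16_t w, uint16_t h);

static long decode_raw(const uint8_t *data, size_t avail, uint16_t w, uint16_t h)
{
    (void)data;
    size_t need = (size_t)w * h * BYTES_PER_PIXEL;    /* Raw: w*h pixels follow the header */
    return need <= avail ? (long)need : -1;
}

static long decode_copyrect(const uint8_t *data, size_t avail, uint16_t w, uint16_t h)
{
    (void)data; (void)w; (void)h;
    return avail >= 4 ? 4 : -1;                        /* CopyRect: src-x U16, src-y U16 */
}

/* Decoder table indexed by encoding number; unfilled slots stay NULL. */
static const decoder_fn decoders[ENCODING_MAX + 1] = {
    [0] = decode_raw,
    [1] = decode_copyrect,
};

static uint16_t rd_u16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static int32_t  rd_s32(const uint8_t *p)
{
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8)  |  (uint32_t)p[3]);
}
static void wr_u16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr_s32(uint8_t *p, int32_t v)
{
    uint32_t u = (uint32_t)v;
    p[0] = (uint8_t)(u >> 24); p[1] = (uint8_t)(u >> 16); p[2] = (uint8_t)(u >> 8); p[3] = (uint8_t)u;
}

/* Trusting dispatch: called with an unchecked, server-chosen encoding this indexes
 * outside decoders[] and calls whatever pointer it finds there. Only reached via
 * dispatch_checked() below. */
static long dispatch(int32_t enc, const uint8_t *data, size_t avail, uint16_t w, uint16_t h)
{
    return decoders[enc](data, avail, w, h);
}

/* Hardened entry point: range check and NULL check before the table lookup.
 * Negative values are pseudo-encodings (e.g. -223 DesktopSize) that a real client
 * handles separately; this example simply refuses them. */
static long dispatch_checked(int32_t enc, const uint8_t *data, size_t avail, uint16_t w, uint16_t h)
{
    if (enc < 0 || enc > ENCODING_MAX || decoders[enc] == NULL)
        return -1;
    return dispatch(enc, data, avail, w, h);
}

/* Parses one FramebufferUpdate. Returns rectangles processed, or -1 on any violation. */
int parse_framebuffer_update(const uint8_t *msg, size_t len, uint16_t fb_w, uint16_t fb_h)
{
    if (len < 4 || msg[0] != 0)                /* type 0, 1 byte padding, U16 rectangle count */
        return -1;
    uint16_t nrects = rd_u16(msg + 2);
    size_t off = 4;
    int done = 0;
    for (uint16_t i = 0; i < nrects; i++) {
        if (len - off < 12)                     /* truncated rectangle header */
            return -1;
        uint16_t x = rd_u16(msg + off), y = rd_u16(msg + off + 2);
        uint16_t w = rd_u16(msg + off + 4), h = rd_u16(msg + off + 6);
        int32_t enc = rd_s32(msg + off + 8);
        off += 12;
        if ((uint32_t)x + w > fb_w || (uint32_t)y + h > fb_h)   /* geometry check */
            return -1;
        long used = dispatch_checked(enc, msg + off, len - off, w, h);
        if (used < 0)
            return -1;
        off += (size_t)used;
        done++;
    }
    return done;
}

/* Builds a one-rectangle update followed by `payload` zero bytes.
 * Constructed test input, not captured traffic. Returns total length. */
size_t build_single_rect_update(uint8_t *out, uint16_t x, uint16_t y, uint16_t w, uint16_t h,
                                int32_t enc, size_t payload)
{
    out[0] = 0; out[1] = 0; wr_u16(out + 2, 1);
    wr_u16(out + 4, x); wr_u16(out + 6, y); wr_u16(out + 8, w); wr_u16(out + 10, h);
    wr_s32(out + 12, enc);
    memset(out + 16, 0, payload);
    return 16 + payload;
}

int main(void)
{
    uint8_t buf[64];
    size_t n = build_single_rect_update(buf, 0, 0, 2, 2, 0, 16);   /* 2x2 Raw rect, 16 pixel bytes */
    printf("raw 2x2 on 4x4 framebuffer: %d\n", parse_framebuffer_update(buf, n, 4, 4));
    n = build_single_rect_update(buf, 0, 0, 2, 2, 0x7fffffff, 0); /* out-of-table encoding */
    printf("bogus encoding: %d\n", parse_framebuffer_update(buf, n, 4, 4));
    return 0;
}
```

The geometry check against the framebuffer size is the kind of validation a viewer already needs for every rectangle; the encoding check belongs next to it, before the value is used as an index. Anything the server can choose (count, coordinates, encoding, payload length) is treated as hostile input here.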
Recommendations Update each affected product to a release later than its affected range: RealVNC VNC Free Edition 4.1.3 or later, VNC Enterprise Edition E4.4.3 or later, VNC Personal Edition P4.4.3 or later. Downgrading to a release before the affected range is not a fix. Users of distribution packages should apply the corresponding vendor updates listed under Related Identifiers (DSA-1716-1 for Debian's vnc4 packages, RHSA-2009:0261 for Red Hat). Until the update is installed, limit exposure by connecting the viewer only to VNC servers that are trusted and reached over an authenticated, encrypted channel (for example an SSH tunnel); because the attack requires the viewer to connect to a server under the attacker's control, restricting inbound access to a VNC server does not protect the viewer.

Fix

RCE

Improper Input Validation


Weakness Enumeration

Related Identifiers

BDU:2015-02031
BDU:2022-06447
CVE-2008-4770
DSA-1716-1
RHSA-2009:0261

Affected Products

Realvnc Vnc Enterprise Edition
Realvnc Vnc Free Edition
Realvnc Vnc Personal Edition
Red Hat
Vnc Viewer