PT-2019-4939 · Ultravnc · Ultravnc

Publicado

2019-03-05

Atualizado

2021-06-28

CVE-2019-8265

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to revision 1208

Description The issue is related to a buffer overflow in the memory of the UltraVNC VNC client, which can be exploited by a remote attacker to execute arbitrary code using a set of commands, including SETPIXELS. This vulnerability can be exploited via network connectivity.

Recommendations For versions prior to revision 1208, update to revision 1208 or later to resolve the issue. As a temporary workaround, consider restricting access to the SETPIXELS macro in the VNC client code until a patch is available.

Correção

Access of Memory Location After End of Buffer

Memory Corruption

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-788CWE-787CWE-125

Identificadores relacionados

BDU:2020-01547

CVE-2019-8265

Produtos afetados

Ultravnc

PT-2019-4939 · Ultravnc · Ultravnc

CVE-2019-8265

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11