UltraVNC · CVE-2009-0388
**Name of the Vulnerable Software and Affected Versions**
UltraVNC versions 1.0.2 through 1.0.5
TightVNC version 1.3.9
**Description**
Multiple integer signedness errors can be exploited by a remote VNC server to cause a denial of service (heap corruption and application crash) or possibly to execute arbitrary code. The errors are in the `ClientConnection::CheckBufferSize` and `ClientConnection::CheckFileZipBufferSize` functions in ClientConnection.cpp, and are triggered by a large length value in a message.
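A simplified model of the signedness error class described above, shown beside a hardened size check. This is an added illustration, not code from UltraVNC or TightVNC; the function names, the 16 MiB cap and the sample length values are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Constructed upper bound for this example; not a value taken from either project.
constexpr std::size_t kMaxMessageLen = 16u * 1024u * 1024u;

// A 32-bit length read from the wire, viewed as the signed int it is stored in.
int32_t as_signed(uint32_t wire_len) {
    int32_t v;
    std::memcpy(&v, &wire_len, sizeof v);
    return v;
}

// Flawed pattern: the size check compares signed values. Returns true when the
// check concludes the current buffer is already large enough (no reallocation).
bool flawed_check_skips_grow(int32_t current_size, uint32_t wire_len) {
    int32_t requested = as_signed(wire_len);
    return current_size > requested;  // a negative 'requested' always passes
}

enum class CheckResult { Ok, Grown, Rejected };

// Hardened pattern: unsigned sizes, an explicit cap, then grow or reject.
CheckResult hardened_check(std::vector<unsigned char>& buf, uint32_t wire_len) {
    std::size_t requested = wire_len;
    if (requested > kMaxMessageLen) return CheckResult::Rejected;
    if (buf.size() >= requested) return CheckResult::Ok;
    buf.resize(requested);
    return CheckResult::Grown;
}

int main() {
    const uint32_t huge = 0xFFFFFFF0u;  // constructed sample length field
    std::vector<unsigned char> buf(4096);
    std::printf("as signed: %d\n", static_cast<int>(as_signed(huge)));
    std::printf("flawed check skips grow: %d\n", flawed_check_skips_grow(4096, huge));
    std::printf("hardened rejects: %d\n",
                hardened_check(buf, huge) == CheckResult::Rejected);
    return 0;
}
```

In the flawed form the oversized length passes the check with the buffer unchanged, so a later read of that many bytes would run past the allocation; the hardened form rejects the message before any read.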
**Recommendations**
For UltraVNC versions 1.0.2 through 1.0.5, consider disabling the `ClientConnection::CheckBufferSize` and `ClientConnection::CheckFileZipBufferSize` functions until a patch is available.
For TightVNC version 1.3.9, restrict access to the ClientConnection.cpp module to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.