CVE-2006-1652

Name of the Vulnerable Software and Affected Versions: UltraVNC versions 1.0.1 and earlier tabbed viewer version 1.29

Description: The issue concerns buffer overflows that can be triggered by a malicious server sending a long string to a client connected on TCP port 5900, causing an overflow in Log::ReallyPrint and potentially allowing remote attackers to execute arbitrary code. Additionally, a long HTTP GET request to TCP port 5800 can trigger an overflow in VNCLog::ReallyPrint, leading to a denial of service (server crash).

Recommendations: For UltraVNC versions 1.0.1 and earlier, consider disabling the Log::ReallyPrint function until a patch is available. For tabbed viewer version 1.29, restrict access to TCP port 5800 to minimize the risk of exploitation. As a temporary workaround, consider disabling the VNCLog::ReallyPrint function in tabbed viewer until a patch is available.