CVE-2008-5001

Name of the Vulnerable Software and Affected Versions UltraVNC versions 1.0.2 through 1.0.4

Description The issue is related to multiple stack-based buffer overflows in functions within vncviewer/FileTransfer.cpp. This occurs when UltraVNC is in LISTENING mode or when using the DSM plugin, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified parameters.

Recommendations For UltraVNC versions 1.0.2 through 1.0.4, consider updating to a version released after 01252008 to resolve the issue. As a temporary workaround, consider disabling the LISTENING mode and the DSM plugin until a patch is available. Avoid using unspecified parameters in the affected functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.