PT-2021-4944 · Tightvnc · Tightvnc Viewer

Eugene Lim

Published

2021-09-17

Updated

2021-11-29

CVE-2021-42785

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TightVNC Viewer (affected versions not specified)

Description The issue is related to a Buffer Overflow vulnerability in the tvnviewer.exe component of TightVNC Viewer. This vulnerability allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server. The vulnerability is caused by a lack of size checking for input data, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

BDU:2021-05697

CVE-2021-42785

Affected Products

Tightvnc Viewer

PT-2021-4944 · Tightvnc · Tightvnc Viewer

CVE-2021-42785

Weakness Enumeration

Related Identifiers

Affected Products

References · 8