Advisories

KLCERT-19-014: UltraVNC Out-of-bounds Read

01 March 2019

UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208. Successful exploitation of this vulnerability could allow an attacker to cause denial of service.
KLCERT-19-013: UltraVNC Access of Memory Location After End of Buffer

01 March 2019

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result code execution. This attack appear to be exploitable via network connectivity. User interaction is required to trigger these vulnerabilities. These vulnerabilities have been fixed in revision 1208. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
KLCERT-19-012: UltraVNC Access of Memory Location After End of Buffer

01 March 2019

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result code execution. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1208. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
KLCERT-19-011: UltraVNC Access of Memory Location After End of Buffer

01 March 2019

UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
KLCERT-19-010: UltraVNC Stack-based Buffer Overflow

01 March 2019

UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206. Successful exploitation of this vulnerability could allow an attacker to cause denial of service.
KLCERT-19-009: UltraVNC Access of Memory Location After End of Buffer

01 March 2019

UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
KLCERT-19-008: UltraVNC Heap-based Buffer Overflow

01 March 2019

UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results code execution. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
KLCERT-19-007: UltraVNC Out-of-bound Read

01 March 2019

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
KLCERT-19-006: UltraVNC Out-of-bound Read

01 March 2019

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
KLCERT-19-005: UltraVNC Memory Leak

01 March 2019

UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.