TITLE:
UltraVNC vncviewer Multiple Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID:
SA28804

VERIFY ADVISORY:
http://secunia.com/advisories/28804/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
UltraVNC (formerly Ultr@VNC) 1.x
http://secunia.com/product/2836/

DESCRIPTION:
Some vulnerabilities have been reported in UltraVNC, which can
potentially be exploited by malicious people to compromise a user's
system.

The vulnerabilities are caused by multiple boundary errors within
the vncviewer/FileTransfer.cpp file. These can be exploited to cause
stack-based buffer overflows by e.g. sending specially crafted data
to a vncviewer in "LISTENING" mode or by tricking a user into
connecting to a malicious VNC server.

Successful exploitation may allow execution of arbitrary code.

This may also be exploited if a DSM plugin is used, but requires that
the attacker owns the encryption key used by vncviewer.

The vulnerability is reported in version 102 and in release
candidates of version 1.0.4 prior to February 4th, 2008.

SOLUTION:
Apply updated version.
http://downloads.sourceforge.net/ultravnc/UltraVNC-Viewer-104-Security-Update-2---Feb-8-2008.zip

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://forum.ultravnc.info/viewtopic.php?p=45150#45150