Thursday, February 5, 2009

TightVNC / UltraVNC Multiple Integer Overflow Vulnerabilities

The errors were found in UltraVNC 1.0.2 and 1.0.5 and TightVNC 1.3.9 and it is probable that previous versions are also vulnerable. The holes are fixed in UltraVNC 1.0.5.4 and TightVNC 1.3.10. While the new version of UltraVNC is already available, TightVNC users will have to wait till February 10th for the release of the fixed version. Users who compile TightVNC from source will find the errors already fixed in the TightVNC repository.

----------------------

Exploit Code = http://www.milw0rm.com/exploits/7990

No comments:

Post a Comment