Hello,
I registered on this forum to specifically disclose that release 1.0.6.x is vulnerable to a specific problem relating to the way Ultra VNC handles the loading of external libraries when opening filetypes related to the program. In this case, when opening .vnc files, version 1.0.6.x will attempt to open up any and all external dlls located in the source folder of the file. An attacker can supply a malicious dll at this point and quickly take control of the system. I was using Windows Vista as my Windows version, but this vulnerability will work on any version of Windows in existence.
Here is a post from the researcher that discovered and publicized this: http://blog.metasploit.com/2010/08/expl ... flaws.html
Here is the MS Security Advisory:
https://www.microsoft.com/technet/secur ... 69637.mspx
If you have any questions, feel free to reply to this post or email me. If you feel this post needs to be deleted, I don't care. You guys did not have a support contact email. Also your forums send users their passwords in cleartext in the activation email. Shame on you for that.
-g3k