VNC vulnerability research

Developers may discuss here.

VNC vulnerability research

Postby Sainsuper » 2019-11-25 16:15

Hello,
Kaspersky research have published many security vulnerability in many version of vnc, ultravnc too.

here a link:

https://ics-cert.kaspersky.com/reports/2019/11/22/vnc-vulnerability-research/

Regard
SainSuper
Sainsuper
40
40
 
Posts: 87
Joined: 2008-04-02 10:47

Re: VNC vulnerability research

Postby Rudi De Vos » 2019-11-25 20:48

We know, we are already a year in communication, issue's were fixed in the 1.2.2.4 (03/19) update.

Theissue's were in the viewer.
If you connect to a fake server, the server could send fake screen updates with bigger sizes then expected.
This could cause buffer overflows
Rudi De Vos
Admin & Developer
Admin & Developer
 
Posts: 6110
Joined: 2004-04-23 10:21

Re: VNC vulnerability research

Postby Sainsuper » 2019-11-26 14:21

ok thanks rudi fior fast answer
Sainsuper
40
40
 
Posts: 87
Joined: 2008-04-02 10:47


Return to Developer discussions (mainly user-mode)

Who is online

Users browsing this forum: No registered users and 3 guests