Vulnerability CVE-2019-8274


Published: 2019-03-08   Modified: 2019-03-09

Description:
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
UVNC -> Ultravnc 

 References:
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-021-ultravnc-heap-based-buffer-overflow/

Copyright 2024, cxsecurity.com

 

Back to Top