Vulnerabilities in UltraVNC and TightVNC
Bugs in the VNC viewing clients UltraVNC and TightVNC can be exploited to compromise a user. To be a victim though you must be connected to a malicious VNC server. According to Core Security, who discovered the holes, the cause of the problems are several integer overflows in the code of
ClientConnection.cpp. Both UltraVNC and TightVNC are derived from the same code base.
The errors were found in UltraVNC 1.0.2 and 1.0.5 and TightVNC 1.3.9 and it is probable that previous versions are also vulnerable. The holes are fixed in UltraVNC 126.96.36.199 and TightVNC 1.3.10. While the new version of UltraVNC is already available, TightVNC users will have to wait till February 10th for the release of the fixed version. Users who compile TightVNC from source will find the errors already fixed in the TightVNC repository.
- New VNCVIEWER vulnerability found and fixd - Feb. 3d 2009, UltraVNC report.
- VNC Multiple Integer Overflows, Core Security report.