Vulnerability in RealVNC’s free viewer allows access to the client
RealVNC's free VNC Viewer contains a bug that allows an attacker to execute code on a client machine. For this to take place, the victim has to be connected to a malicious server. The remotely injected code runs with the privileges of the user account the viewer was running under at the time of the attack. The bug was found in version 4.1.2 and is triggered when specially crafted server packets are processed. Version 4.1.3 fixes the error.
A similar problem of undesired remote access was discovered early this year in the UltraVNC client. That vulnerability was also exploitable in connection with the listening mode.
- VNC Free Edition 4.1, release notes for all 4.1 versions