In association with heise online

22 October 2008, 14:28

Vulnerability in RealVNC’s free viewer allows access to the client

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

RealVNC's free VNC Viewer contains an error, which allows an attacker to execute code on a client machine. For this to take place, the victim has to be connected to a malicious server. The privileges of the remotely injected code are dependent on the rights that the user was working under at the time of the attack. The bug was found in version 4.1.2 and happens when specially crafted server packets are processed. Version 4.1.3 fixes the error.

A similar problem of undesired remote access was discovered early this year in the UltraVNC client. That vulnerability was also exploitable in connection with the listening mode.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit