UltraVNC Viewer VNC client RFB SolidColor Arbitrary Write Vulnerability

UltraVNC Viewer VNC client RFB SolidColor Arbitrary Write Vulnerability
2021-12-17 06:03:08 Author: blog.exodusintel.com(查看原文) 阅读量:20 收藏

EIP-0e1ca3ec

A vulnerability exists within UltraVNC’s “vncviewer.exe” client. A malicious server can trigger an arbitrary memory write condition through a flaw in the function ClientConnection::SolidColor while drawing pixel data to the screen. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the UltraVNC Viewer process.

Vulnerability Identifiers

Exodus Intelligence: EIP-0e1ca3ec
MITRE CVE: PENDING

Vulnerability Metrics

CVSSv2 Score: 5.8

Vendor References

https://uvnc.com/downloads/ultravnc/146-ultravnc-1-3-6-0.html

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to affected vendor: December 8th, 2021
Disclosed to public: December 16th, 2021

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program.

文章来源: https://blog.exodusintel.com/2021/12/16/ultravnc-viewer-vnc-client-rfb-solidcolor-arbitrary-write-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=ultravnc-viewer-vnc-client-rfb-solidcolor-arbitrary-write-vulnerability
如有侵权请联系:admin#unsafe.sh