CyberSec.Space Logo
Back to CVE Browser

CVE-2019-8258

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile4.62th
PublishedMar 5, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.

Affected Platforms (CPE)

πŸ“¦
Uvnc

Ultravnc

< 1.2.2.3
πŸ“¦
Siemens

Sinumerik Access Mymachine\/p2p

< 4.8
πŸ“¦
Siemens

Sinumerik Pcu Base Win10 Software\/ipc

< 14.00
πŸ“¦
Siemens

Sinumerik Pcu Base Win7 Software\/ipc

<= 12.01

References & Advisories

πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
πŸ”— https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/
πŸ”— https://www.us-cert.gov/ics/advisories/icsa-20-161-06
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
πŸ”— https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/
πŸ”— https://www.us-cert.gov/ics/advisories/icsa-20-161-06

Related Vulnerabilities

CVE-2009-038810.0

Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a deni...

CVE-2006-220610.0

The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allow...

CVE-2019-82609.8

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. T...

CVE-2019-82619.8

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication ov...