CyberSec.Space Logo
Back to CVE Browser

CVE-2001-0168

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0480%
EPSS Percentile38.27th
PublishedMay 3, 2001
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.

Affected Platforms (CPE)

πŸ“¦
Att

Winvnc

<= 3.3.3r7

References & Advisories

πŸ”— http://marc.info/?l=vnc-list&m=98080763005455&w=2
πŸ”— http://www.kb.cert.org/vuls/id/598581
πŸ”— http://www.securityfocus.com/bid/2306
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/6026
πŸ”— http://marc.info/?l=vnc-list&m=98080763005455&w=2
πŸ”— http://www.kb.cert.org/vuls/id/598581
πŸ”— http://www.securityfocus.com/bid/2306
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/6026

Related Vulnerabilities

CVE-2001-159410.0

GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polest...

CVE-2000-11649.0

WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which...

CVE-2001-01677.6

Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary...

CVE-2001-14227.5

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC...