CyberSec.Space Logo
Back to CVE Browser

CVE-2018-15361

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile17.39th
PublishedMar 5, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.

Affected Platforms (CPE)

πŸ“¦
Uvnc

Ultravnc

< 1.2.2.3

References & Advisories

πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
πŸ”— https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/
πŸ”— https://www.us-cert.gov/ics/advisories/icsa-20-161-06
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
πŸ”— https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/
πŸ”— https://www.us-cert.gov/ics/advisories/icsa-20-161-06

Related Vulnerabilities

CVE-2009-038810.0

Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a deni...

CVE-2006-220610.0

The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allow...

CVE-2019-82609.8

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. T...

CVE-2019-82619.8

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication ov...