CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-0388

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0160%
EPSS Percentile17.38th
Published2009年2月4日
Last Modified2026年4月23日

Vulnerability Description

Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.

Affected Platforms (CPE)

📦
Tightvnc

Tightvnc

= 1.3.9
📦
Ultravnc

Ultravnc

= 1.0.2
📦
Ultravnc

Ultravnc

= 1.0.5

References & Advisories

🔗 http://forum.ultravnc.info/viewtopic.php?t=14654
🔗 http://secunia.com/advisories/33807
🔗 http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564
🔗 http://www.coresecurity.com/content/vnc-integer-overflows
🔗 http://www.securityfocus.com/archive/1/500632/100/0/threaded
🔗 http://www.securityfocus.com/bid/33568
🔗 http://www.vupen.com/english/advisories/2009/0321
🔗 http://www.vupen.com/english/advisories/2009/0322

関連する脆弱性情報

CVE-2019-156789.8

TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code executio...

CVE-2019-156799.8

TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code ...

CVE-2019-82879.8

TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code e...

CVE-2021-427859.8

Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a...