CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-8258

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile4.62th
Published2019年3月5日
Last Modified2024年11月21日

Vulnerability Description

UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.

Affected Platforms (CPE)

📦
Uvnc

Ultravnc

< 1.2.2.3
📦
Siemens

Sinumerik Access Mymachine\/p2p

< 4.8
📦
Siemens

Sinumerik Pcu Base Win10 Software\/ipc

< 14.00
📦
Siemens

Sinumerik Pcu Base Win7 Software\/ipc

<= 12.01

References & Advisories

🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
🔗 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/
🔗 https://www.us-cert.gov/ics/advisories/icsa-20-161-06
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
🔗 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/
🔗 https://www.us-cert.gov/ics/advisories/icsa-20-161-06

相关漏洞威胁

CVE-2009-038810.0

Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a deni...

CVE-2006-220610.0

The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allow...

CVE-2019-82609.8

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. T...

CVE-2019-82619.8

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication ov...