返回 CVE 瀏覽器

CVE-2001-0168

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0480%

EPSS Percentile38.27th

Published2001年5月3日

Last Modified2026年4月16日

Vulnerability Description

Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.

Affected Platforms (CPE)

📦

Att

Winvnc

<= 3.3.3r7

References & Advisories

🔗 http://marc.info/?l=vnc-list&m=98080763005455&w=2

🔗 http://www.kb.cert.org/vuls/id/598581

🔗 http://www.securityfocus.com/bid/2306

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/6026

🔗 http://marc.info/?l=vnc-list&m=98080763005455&w=2

🔗 http://www.kb.cert.org/vuls/id/598581

🔗 http://www.securityfocus.com/bid/2306

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/6026

相關漏洞威脅

CVE-2001-159410.0

GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polest...

CVE-2000-11649.0

WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which...

CVE-2001-01677.6

Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary...

CVE-2001-14227.5

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC...