CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-15361

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile17.39th
Published2019年3月5日
Last Modified2024年11月21日

Vulnerability Description

UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.

Affected Platforms (CPE)

📦
Uvnc

Ultravnc

< 1.2.2.3

References & Advisories

🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
🔗 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/
🔗 https://www.us-cert.gov/ics/advisories/icsa-20-161-06
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
🔗 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/
🔗 https://www.us-cert.gov/ics/advisories/icsa-20-161-06

相關漏洞威脅

CVE-2009-038810.0

Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a deni...

CVE-2006-220610.0

The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allow...

CVE-2019-82609.8

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. T...

CVE-2019-82619.8

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication ov...