CVE-2008-4770

Published: 16/01/2009 | Updated: 29/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 up to and including 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."

Vulnerable Product

realvnc realvnc p4.4.2

realvnc realvnc p4.0

realvnc realvnc 4.4.2

realvnc realvnc 4.1.2

realvnc realvnc e4.0

realvnc realvnc 4.0

Vendor Advisories

Synopsis: Moderate: vnc security update. Type/Severity: Security Advisory: Moderate. Topic: Updated vnc packages to correct a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Descr ...

Debian Bug report logs - #513531: CVE-2008-4770: Arbitrary code execution via crafted RFB protocol data. Package: xvnc4viewer; Maintainer for xvnc4viewer is Ola Lundqvist <opal@debianorg>; Source for xvnc4viewer is src:vnc4. Reported by: Steffen Joeris <steffenjoeris@skolelinuxde>. Date: Thu, 29 ...

It was discovered that xvnc4viewer, a virtual network computing client software for X, is prone to an integer overflow via a malicious encoding value that could lead to arbitrary code execution. For the stable distribution (etch) this problem has been fixed in version 411+X430-21+etch1. For the unstable (sid) distribution this problem has been ...