Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

vncviewer 1.0.4 release security fix: exploit

Post Reply
redge
1000
1000
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

vncviewer 1.0.4 release security fix: exploit

Post by redge »

Update
UltraVNC viewer 1.0.4 release security fix built 8 February 2008


[s]UltraVNC viewer 1.0.4 release security fix built 25 January 2008
[/s]
UltraSam wrote: Viewer 102 and latest 104RC have the same vulnerability Embarassed

- The vulnerability is only for the vncviewer
It could allow a perpetrator to take the control of a machine running the vncviewer in LISTENING mode
It could allow a pretending-UltraVNC-server-hostile-machine to take the control of a machine trying to connect to this hostile server using the vncviewer.

The UltraVNC server does NOT have this vulnerability

- This vulnerability could be exploited when a DSM Plugin is used, but only if the perpetrator has the encryption key file used by the vncviewer.


=> It is recommended:

- To upgrade your vncviewer.exe, for ALL versions.
- Or to avoid to use the vncviewer in listening mode
- Or to always connect on trusted UltraVNC servers
- Or to always use a DSM plugin

Fixed version available via the Download link on home page

http://www.uvnc.com

SVN source code has also been updated
download vncviewer.zip from sourceforge
or
direct download vncviewer.exe from url of moderator redge
Last edited by redge on 2009-07-11 22:20, edited 5 times in total.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
Post Reply