UltraVNC viewer 1.0.4 release security fix built 8 February 2008
[s]UltraVNC viewer 1.0.4 release security fix built 25 January 2008
[/s]
download vncviewer.zip from sourceforgeUltraSam wrote: Viewer 102 and latest 104RC have the same vulnerability Embarassed
- The vulnerability is only for the vncviewer
It could allow a perpetrator to take the control of a machine running the vncviewer in LISTENING mode
It could allow a pretending-UltraVNC-server-hostile-machine to take the control of a machine trying to connect to this hostile server using the vncviewer.
The UltraVNC server does NOT have this vulnerability
- This vulnerability could be exploited when a DSM Plugin is used, but only if the perpetrator has the encryption key file used by the vncviewer.
=> It is recommended:
- To upgrade your vncviewer.exe, for ALL versions.
- Or to avoid to use the vncviewer in listening mode
- Or to always connect on trusted UltraVNC servers
- Or to always use a DSM plugin
Fixed version available via the Download link on home page
http://www.uvnc.com
SVN source code has also been updated
or
direct download vncviewer.exe from url of moderator redge