Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

VNC vulnerability research

Post Reply
Sainsuper
40
40
Posts: 96
Joined: 2008-04-02 10:47

VNC vulnerability research

Post by Sainsuper »

Hello,
Kaspersky research have published many security vulnerability in many version of vnc, ultravnc too.

here a link:

https://ics-cert.kaspersky.com/reports/ ... -research/

Regard
SainSuper
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6831
Joined: 2004-04-23 10:21
Contact:

Re: VNC vulnerability research

Post by Rudi De Vos »

We know, we are already a year in communication, issue's were fixed in the 1.2.2.4 (03/19) update.

Theissue's were in the viewer.
If you connect to a fake server, the server could send fake screen updates with bigger sizes then expected.
This could cause buffer overflows
Sainsuper
40
40
Posts: 96
Joined: 2008-04-02 10:47

Re: VNC vulnerability research

Post by Sainsuper »

ok thanks rudi fior fast answer
Post Reply