VNC.Client.Authenticate.Buffer.Overflow

Description

Indicates a possible attempt to exploit a buffer overflow vulnerability in AT&T's VNC client. VNC (Virtual Network Computing) is a remote administration package that provides access to a remote system's desktop. The client contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code on the system. The flaw is a missing boundary check in the client application when it handles rfbConnFailed packets from the server. To exploit it, an attacker can spoof the session between server and client to discover the server version, then send a malformed rfbConnFailed packet whose 'reason' string is 1024 bytes long while the declared 'reason' length is more than 1024 bytes to the vulnerable client. This may overflow a buffer on the client system and make it possible to execute arbitrary code.
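The following is an added illustration of the check the advisory describes, not code from the IPS signature or from the VNC project: it parses the server's security-type message as laid out in the public RFB 3.3 protocol (a big-endian u32 type, where 0 is rfbConnFailed, followed by a u32 reason length and the reason string) and flags a declared reason length that exceeds the 1024-byte client buffer named above or that disagrees with the bytes actually on the wire. The sample messages are constructed here for the check, not captured traffic.

```python
import struct

# RFB 3.3 security-type values the server sends after the version exchange
# (public RFB spec; rfbConnFailed = 0 is the case this advisory concerns).
RFB_CONN_FAILED = 0
RFB_NO_AUTH = 1
RFB_VNC_AUTH = 2

# Client-side reason buffer size stated in the advisory.
REASON_BUFFER_LEN = 1024


def inspect_server_auth_message(data: bytes, buffer_len: int = REASON_BUFFER_LEN) -> dict:
    """Parse the server's security-type message and flag an oversized rfbConnFailed.

    Returns a dict with 'kind', 'suspicious', 'detail' and, for rfbConnFailed,
    'declared_len' / 'actual_len' (the length field vs. bytes present).
    """
    if len(data) < 4:
        return {"kind": "short", "suspicious": False, "detail": "fewer than 4 bytes"}
    (sec_type,) = struct.unpack(">I", data[:4])
    if sec_type != RFB_CONN_FAILED:
        return {"kind": "security-type", "suspicious": False, "detail": f"type {sec_type}"}
    if len(data) < 8:
        return {"kind": "conn-failed", "suspicious": True, "detail": "missing reason length"}
    (declared_len,) = struct.unpack(">I", data[4:8])
    actual_len = len(data) - 8
    result = {"kind": "conn-failed", "declared_len": declared_len, "actual_len": actual_len}
    if declared_len > buffer_len:
        # The advisory's condition: a length field larger than the fixed client buffer.
        result["suspicious"] = True
        result["detail"] = f"declared reason length {declared_len} exceeds {buffer_len}-byte buffer"
    elif declared_len != actual_len:
        result["suspicious"] = True
        result["detail"] = "declared reason length does not match bytes on the wire"
    else:
        result["suspicious"] = False
        result["detail"] = data[8:8 + declared_len].decode("ascii", "replace")
    return result


def build_conn_failed(reason: bytes, declared_len: int = -1) -> bytes:
    """Build a constructed rfbConnFailed message for exercising the check (not a capture)."""
    if declared_len < 0:
        declared_len = len(reason)
    return struct.pack(">II", RFB_CONN_FAILED, declared_len) + reason


if __name__ == "__main__":
    print(inspect_server_auth_message(build_conn_failed(b"Too many security failures")))
    print(inspect_server_auth_message(build_conn_failed(b"A" * 1024, declared_len=4096)))
```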

Affected Products

AT&T WinVNC Client 3.3.3 r7

Impact

Compromise of the affected system.

Recommended Actions

A patch is available for this vulnerability:
Core SDI VNC-clientBO.patch
ftp://ftp.core-sdi.com/pub/patches/VNC-clientBO.patch

Coverage

IPS (Regular DB)
IPS (Extended DB)