Intrusion Prevention

VNC.Server.ClientCutText.Message.Memory.Corruption

Description

This indicates an attack attempt against a memory-corruption vulnerability in RealVNC VNC Server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted ClientCutText VNC command. It allows a remote attacker to execute arbitrary code.

Affected Products

RealVNC RealVNC 4.1.3

Impact

System compromise: Remote attackers can gain control of vulnerable systems.
Denial of service

Recommended Actions

Upgrade to the latest versions:
http://www.realvnc.com/