VNC Multiple Integer Overflows

1. Advisory Information
Title: VNC Multiple Integer Overflows
Advisory ID: CORE-2008-1009
Advisory URL: coresecurity.com/content/vnc-integer-overflows/
Date published: 2009-02-03
Date of last update: 2009-02-03
Vendors contacted: UltraVNC, TightVNC
Release mode: Coordinated release

2. Vulnerability Information
Class: Integer overflow
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 33568
CVE Name: CVE-2009-0388

3. Vulnerability Description
Multiple integer overflow vulnerabilities have been discovered in UltraVNC [1] and TightVNC [2], two (open source) remote control applications derived from the popular VNC [3] software.
The vulnerabilities cause a miscalculation of a buffer size on the heap, allowing an attacker to corrupt the heap of a VNC client and probably allowing code execution (exploitation is very likely).
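
The bug class described above, as an added illustration that is not code from UltraVNC, TightVNC, or the advisory: a client sizes a heap buffer from a peer-supplied length, and the 32-bit arithmetic wraps. The 4-byte big-endian length prefix, the `MAX_FIELD_LEN` cap, and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap on one length-prefixed field; not a value from the advisory. */
#define MAX_FIELD_LEN (1u << 20)

/* Unchecked pattern: in 32-bit arithmetic, len + 1 wraps to 0 when len is
 * UINT32_MAX, so the allocation is far smaller than the data that follows. */
uint32_t unchecked_alloc_size(uint32_t wire_len) { return wire_len + 1u; }

/* Checked pattern: bound the length before any arithmetic is done on it.
 * Returns 0 and stores the size in *out, or -1 if the length is rejected. */
int checked_alloc_size(uint32_t wire_len, size_t *out) {
    if (wire_len > MAX_FIELD_LEN)
        return -1;
    *out = (size_t)wire_len + 1u;
    return 0;
}

/* Copy a length-prefixed field out of a received message into a fresh
 * NUL-terminated buffer. msg/msg_len is the data actually received. */
char *read_field(const uint8_t *msg, size_t msg_len) {
    if (msg_len < 4)
        return NULL;
    uint32_t wire_len = ((uint32_t)msg[0] << 24) | ((uint32_t)msg[1] << 16) |
                        ((uint32_t)msg[2] << 8) | (uint32_t)msg[3];
    size_t need;
    if (checked_alloc_size(wire_len, &need) != 0)
        return NULL;                  /* oversized length: drop the message */
    if (wire_len > msg_len - 4)
        return NULL;                  /* claims more data than was received */
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, msg + 4, wire_len);
    buf[wire_len] = '\0';
    return buf;
}

int main(void) {
    const uint8_t ok[] = {0, 0, 0, 3, 'v', 'n', 'c'};    /* constructed sample */
    const uint8_t bad[] = {0xff, 0xff, 0xff, 0xff};      /* constructed sample */
    char *s = read_field(ok, sizeof ok);
    printf("unchecked size for 0xFFFFFFFF: %u\n", (unsigned)unchecked_alloc_size(UINT32_MAX));
    printf("ok -> %s, bad -> %s\n", s ? s : "(rejected)",
           read_field(bad, sizeof bad) ? "accepted" : "(rejected)");
    free(s);
    return 0;
}
```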

4. Vulnerable packages
UltraVNC - 1.0.2
UltraVNC - 1.0.5
TightVNC - 1.3.9
Older versions are probably affected too, but they were not tested.
