Skip to main content

Ultravnc CVE-2019-8274

CRITICAL
Heap-based Buffer Overflow (CWE-122)
2019-03-08 vulnerability@kaspersky.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 08, 2019 - 23:29 nvd
CRITICAL 9.8

DescriptionNVD

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

AnalysisAI

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-122. UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. Affected products include: Uvnc Ultravnc, Siemens Sinumerik Access Mymachine\/P2P, Siemens Sinumerik Pcu Base Win10 Software\/Ipc, Siemens Sinumerik Pcu Base Win7 Software\/Ipc.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-37133 HIGH POC
7.5 Feb 05

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allow

CVE-2026-4962 MEDIUM POC
6.4 Mar 27

UltraVNC versions up to 1.6.4.0 suffer from an uncontrolled search path vulnerability in version.dll loaded by the Servi

CVE-2020-37132 MEDIUM POC
6.2 Feb 05

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allow

CVE-2019-8280 CRITICAL
9.8 Mar 08

UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially re

CVE-2019-8275 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of

CVE-2019-8273 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler,

CVE-2019-8272 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code

CVE-2019-8271 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which c

CVE-2019-8268 CRITICAL
9.8 Mar 08

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of Clien

CVE-2019-8266 CRITICAL
9.8 Mar 08

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnecti

CVE-2019-8265 CRITICAL
9.8 Mar 08

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macr

CVE-2019-8264 CRITICAL
9.8 Mar 08

UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially

Share

CVE-2019-8274 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy