Skip to main content

Ultravnc CVE-2019-8277

HIGH
Improper Initialization (CWE-665)
2019-03-08 vulnerability@kaspersky.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 08, 2019 - 23:29 nvd
HIGH 7.5

DescriptionNVD

UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

AnalysisAI

UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-665. UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. Affected products include: Uvnc Ultravnc, Siemens Sinumerik Access Mymachine\/P2P, Siemens Sinumerik Pcu Base Win10 Software\/Ipc, Siemens Sinumerik Pcu Base Win7 Software\/Ipc.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-37133 HIGH POC
7.5 Feb 05

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allow

CVE-2026-4962 MEDIUM POC
6.4 Mar 27

UltraVNC versions up to 1.6.4.0 suffer from an uncontrolled search path vulnerability in version.dll loaded by the Servi

CVE-2020-37132 MEDIUM POC
6.2 Feb 05

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allow

CVE-2019-8280 CRITICAL
9.8 Mar 08

UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially re

CVE-2019-8275 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of

CVE-2019-8274 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, w

CVE-2019-8273 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler,

CVE-2019-8272 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code

CVE-2019-8271 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which c

CVE-2019-8268 CRITICAL
9.8 Mar 08

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of Clien

CVE-2019-8266 CRITICAL
9.8 Mar 08

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnecti

CVE-2019-8265 CRITICAL
9.8 Mar 08

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macr

Share

CVE-2019-8277 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy