CVE-2008-4770

The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."
References
Link Resource
http://secunia.com/advisories/32317
http://secunia.com/advisories/33689
http://secunia.com/advisories/34184
http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1 Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1 Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200903-17.xml
http://www.realvnc.com/pipermail/vnc-list/2008-November/059432.html
http://www.realvnc.com/products/free/4.1/release-notes.html
http://www.realvnc.com/products/upgrade.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0261.html
http://www.securityfocus.com/bid/31832
http://www.securityfocus.com/bid/33263
http://www.vupen.com/english/advisories/2008/2868
https://exchange.xforce.ibmcloud.com/vulnerabilities/45969
https://exchange.xforce.ibmcloud.com/vulnerabilities/47937
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9367
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01025.html
Configurations

Configuration 1

OR cpe:2.3:a:realvnc:realvnc:4.0:*:free:*:*:*:*:*
cpe:2.3:a:realvnc:realvnc:4.1.2:*:free:*:*:*:*:*
cpe:2.3:a:realvnc:realvnc:4.4.2:*:enterprise:*:*:*:*:*
cpe:2.3:a:realvnc:realvnc:e4.0:*:enterprise:*:*:*:*:*
cpe:2.3:a:realvnc:realvnc:p4.0:*:personal:*:*:*:*:*
cpe:2.3:a:realvnc:realvnc:p4.4.2:*:personal:*:*:*:*:*

History

21 Nov 2024, 00:52

Type Values Removed Values Added
References () http://secunia.com/advisories/32317 - () http://secunia.com/advisories/32317 -
References () http://secunia.com/advisories/33689 - () http://secunia.com/advisories/33689 -
References () http://secunia.com/advisories/34184 - () http://secunia.com/advisories/34184 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1 - Patch, Vendor Advisory () http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1 - Patch, Vendor Advisory
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1 - Vendor Advisory () http://sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1 - Vendor Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-200903-17.xml - () http://www.gentoo.org/security/en/glsa/glsa-200903-17.xml -
References () http://www.realvnc.com/pipermail/vnc-list/2008-November/059432.html - () http://www.realvnc.com/pipermail/vnc-list/2008-November/059432.html -
References () http://www.realvnc.com/products/free/4.1/release-notes.html - () http://www.realvnc.com/products/free/4.1/release-notes.html -
References () http://www.realvnc.com/products/upgrade.html - Vendor Advisory () http://www.realvnc.com/products/upgrade.html - Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2009-0261.html - () http://www.redhat.com/support/errata/RHSA-2009-0261.html -
References () http://www.securityfocus.com/bid/31832 - () http://www.securityfocus.com/bid/31832 -
References () http://www.securityfocus.com/bid/33263 - () http://www.securityfocus.com/bid/33263 -
References () http://www.vupen.com/english/advisories/2008/2868 - () http://www.vupen.com/english/advisories/2008/2868 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/45969 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/45969 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/47937 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/47937 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9367 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9367 -
References () https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01025.html - () https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01025.html -

Information

Published : 2009-01-16 21:30

Updated : 2024-11-21 00:52


NVD link : CVE-2008-4770

Mitre link : CVE-2008-4770

CVE.ORG link : CVE-2008-4770


Products Affected

realvnc

  • realvnc
CWE
CWE-20

Improper Input Validation