Vigil@nce: RealVNC, vulnerability of VNC Viewer
October 2008 by Vigil@nce
An attacker can create a malicious VNC server and invite the victim to connect to it with VNC Viewer in order to execute code on the computer.
Consequences: user access/rights
Provenance: intranet server
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 20/10/2008
The RealVNC product is composed of two modules:
VNC Server: to be installed on the computer to administer
VNS Viewer: to be installed on the client
The CMsgReader::readRect() function of the common/rfb/CMsgReader.cxx file, used in VNC Viewer, does not correctly check received messages.
An attacker can therefore create a malicious VNC server and invite the victim to connect to it with VNC Viewer in order to execute code on the computer.
Identifiers: BID-31832, VIGILANCE-VUL-8186