RealVNC VNC Viewer < 4.1.3/4.4.3 Arbitrary Command Execution

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that may allow execution of
arbitrary code.

Description :

The version of RealVNC's VNC Viewer installed on the remote Windows
host is affected by multiple issues :

- An error in the 'CMsgReader::readRect()' function in
'common/rfb/CMsgReader.cxx' that comes into play when
processing encoding types, may allow arbitrary code
execution on the remote system. If an attacker can trick
a user on the remote host into connecting to a malicious
server, he can exploit this issue using specially
crafted
messages to compromise that host.

- By tricking a user to connect to a malicious VNC server,
it may be possible for an attacker to execute arbitrary
code on a remote system by sending malicious RFB
protocol
data to the remote VNC Viewer component. Note VNC
servers
are not affected by this issue.

See also :

http://www.realvnc.com/products/upgrade.html
http://www.realvnc.com/products/free/4.1/release-notes.html
http://www.realvnc.com/products/personal/4.4/release-notes.html
http://www.realvnc.com/products/enterprise/4.4/release-notes.html

Solution :

Upgrade to RealVNC VNC Viewer Free Edition 4.1.3 / Personal Edition
4.4.3 / Enterprise Edition 4.4.3 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 34461 ()

Bugtraq ID: 31832
33263

CVE ID: CVE-2008-4770

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now