RealVNC VNC Viewer < 4.1.3/4.4.3 Arbitrary Command Execution

high Nessus Plugin ID 34461

Synopsis

The remote Windows host has an application that may allow execution of arbitrary code.

Description

The version of RealVNC's VNC Viewer installed on the remote Windows host is affected by multiple issues :

- An error in the 'CMsgReader::readRect()' function in 'common/rfb/CMsgReader.cxx' that comes into play when processing encoding types, may allow arbitrary code execution on the remote system. If an attacker can trick a user on the remote host into connecting to a malicious server, he can exploit this issue using specially crafted messages to compromise that host.

- By tricking a user to connect to a malicious VNC server, it may be possible for an attacker to execute arbitrary code on a remote system by sending malicious RFB protocol data to the remote VNC Viewer component. Note VNC servers are not affected by this issue.

Solution

Upgrade to RealVNC VNC Viewer Free Edition 4.1.3 / Personal Edition 4.4.3 / Enterprise Edition 4.4.3 or later.

See Also

https://www.realvnc.com/en/connect/benefits/

http://www.realvnc.com/products/personal/4.4/release-notes.html

http://www.realvnc.com/products/enterprise/4.4/release-notes.html

Plugin Details

Severity: High

ID: 34461

File Name: realvnc_4_1_3.nasl

Version: 1.15

Type: local

Agent: windows

Family: Windows

Published: 10/21/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:realvnc:realvnc

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-4770

BID: 31832, 33263

CWE: 20

Secunia: 32317