This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.
The remote Windows host has an application that may allow execution of
The version of RealVNC's VNC Viewer installed on the remote Windows
host is affected by multiple issues :
- An error in the 'CMsgReader::readRect()' function in
'common/rfb/CMsgReader.cxx' that comes into play when
processing encoding types, may allow arbitrary code
execution on the remote system. If an attacker can trick
a user on the remote host into connecting to a malicious
server, he can exploit this issue using specially
messages to compromise that host.
- By tricking a user to connect to a malicious VNC server,
it may be possible for an attacker to execute arbitrary
code on a remote system by sending malicious RFB
data to the remote VNC Viewer component. Note VNC
are not affected by this issue.
See also :
Upgrade to RealVNC VNC Viewer Free Edition 4.1.3 / Personal Edition
4.4.3 / Enterprise Edition 4.4.3 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true