Vigil@nce: RealVNC, vulnerability of VNC Viewer
October 2008 by Vigil@nce
SYNTHESIS
An attacker can create a malicious VNC server and invite the
victim to connect to it with VNC Viewer in order to execute code
on the computer.
Gravity: 2/4
Consequences: user access/rights
Provenance: intranet server
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 20/10/2008
IMPACTED PRODUCTS
– RealVNC
DESCRIPTION
The RealVNC product is composed of two modules:
– VNC Server: to be installed on the computer to administer
– VNS Viewer: to be installed on the client
The CMsgReader::readRect() function of the common/rfb/CMsgReader.cxx
file, used in VNC Viewer, does not correctly check received
messages.
An attacker can therefore create a malicious VNC server and invite
the victim to connect to it with VNC Viewer in order to execute
code on the computer.
CHARACTERISTICS
Identifiers: BID-31832, VIGILANCE-VUL-8186