Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
- http://nvd.nist.gov/...e=CVE-2008-0610
Last revised: 2/6/2008
Overview: Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value.
Impact:
CVSS Severity (version 2.0):
CVSS v2 Base score: 9.3 (High)
Impact Subscore: 10.0
Exploitability Subscore: 8.6
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure
Patch Information: http://secunia.com/advisories/28747
...The vulnerability is confirmed in version 1.0.2 and reported in release candidates of version 1.0.4 prior to January 25th, 2008. Reportedly, UltraVNC server is not affected.
Solution: Apply updated version.
http://downloads.sou...rity-Update.zip
