Lucene search

[email protected]CVE-2008-5001

HistoryNov 10, 2008 - 2:12 p.m.

CVE-2008-5001

2008-11-1014:12:56

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-5001

buffer overflow

vncviewer

ultravnc

denial of service

code execution

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.308 Low

EPSS

Percentile

97.0%

JSON

Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified parameters, a different issue than CVE-2008-0610.

Affected configurations

NVD

Node

ultravncultravncMatch1.0.2

ultravncultravncMatch1.0.4

CPENameOperatorVersion
ultravnc:ultravncultravnceq1.0.2
ultravnc:ultravncultravnceq1.0.4

CPE	Name	Operator	Version
ultravnc:ultravnc	ultravnc	eq	1.0.2
ultravnc:ultravnc	ultravnc	eq	1.0.4

References

forum.ultravnc.info/viewtopic.php?p=45150#45150

secunia.com/advisories/28804

sourceforge.net/project/shownotes.php?release_id=571174&group_id=63887

ultravnc.svn.sourceforge.net/viewvc/ultravnc/UltraVNC%20Project%20Root/UltraVNC/vncviewer/FileTransfer.cpp?view=log#rev183

www.securityfocus.com/bid/27687

www.vupen.com/english/advisories/2008/0486

Social References

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.308 Low

EPSS

Percentile

97.0%

JSON

Related for CVE-2008-5001

cvelist2 prion2 nvd2 openvas2 packetstorm1 cert1 cve1