6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.165 Low
EPSS
Percentile
95.9%
CORE Security Technologies reports:
A format string error has been found on the
vinagre_utils_show_error() function that can be exploited via
commands issued from a malicious server containing format
string specifiers on the VNC name.
In a web based attack scenario, the user would be required
to connect to a malicious server. Successful exploitation
would then allow the attacker to execute arbitrary code with
the privileges of the Vinagre user.