4 matches found
CVE-2000-1164
The CVE-2000-1164 issue affects WinVNC, specifically the WinVNC3 registry key HKLM\Software\ORL\WinVNC3. The root cause is weak permissions that grant read/modify access to the Everybody group (and in some contexts to non-admin users), allowing extraction or alteration of the VNC password and oth...
CVE-2001-0167
CVE-2001-0167 describes a buffer overflow in the RealVNC/WinVNC client prior to or at version 3.3.3r7 (WinVNC) that can be triggered by a crafted rfbConnFailed packet and a long reason string, allowing a remote attacker to execute arbitrary code with the user’s privileges. Connected sources show ...
CVE-2001-0168
CVE-2001-0168 affects AT&T WinVNC Windows server up to version 3.3.3r7. A buffer overflow in the HTTP handling (vncHTTPConnect/Log.cpp) can be triggered by an overly long HTTP GET when the DebugLevel registry key > 0, allowing remote code execution with the privileges of the VNC server user. P...
CVE-2001-1422
The CVE-2001-1422 entry concerns WinVNC 3.3.3 and earlier, where generating the same challenge string for multiple connections allows remote attackers to bypass VNC authentication by sniffing the challenge/response of other users. Affected software: WinVNC versions up to 3.3.3 (and earlier). Unde...