vnc is vulnerable to arbitrary code execution. An insufficient input validation flaw was discovered in the VNC client application, vncviewer. If an attacker could convince a victim to connect to a malicious VNC server, or if an attacker was able to connect to vncviewer running in the “listen” mode, the attacker could cause the victim’s vncviewer to crash or, possibly, execute arbitrary code.
secunia.com/advisories/32317
secunia.com/advisories/33689
secunia.com/advisories/34184
sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1
sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1
www.gentoo.org/security/en/glsa/glsa-200903-17.xml
www.realvnc.com/pipermail/vnc-list/2008-November/059432.html
www.realvnc.com/products/free/4.1/release-notes.html
www.realvnc.com/products/upgrade.html
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2009-0261.html
www.securityfocus.com/bid/31832
www.securityfocus.com/bid/33263
www.vupen.com/english/advisories/2008/2868
access.redhat.com/errata/RHSA-2009:0261
exchange.xforce.ibmcloud.com/vulnerabilities/45969
exchange.xforce.ibmcloud.com/vulnerabilities/47937
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9367
www.redhat.com/archives/fedora-package-announce/2009-January/msg01025.html