Main Vulnerability Database Vulnerabilities #VU22959

Integer underflow in UltraVNC - CVE-2018-15361

Published: November 25, 2019 / Updated: November 27, 2019

Vulnerability identifier: #VU22959

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-15361

CWE-ID: CWE-191

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: ultravnc.sourceforge.net

Affected software:
UltraVNC

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow in VNC client code. A remote attacker that controls a malicious VNC server can trick a user to connect to it, trigger integer underflow and execute arbitrary code on the target system with privileges of the user, running the VNC client.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-15361

Install updates from vendor's website.

Sources

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/

Integer underflow in UltraVNC - CVE-2018-15361

Detailed vulnerability description

How to mitigate CVE-2018-15361

Sources

Please verify you're human