Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2006-1652

Disclosure Date: April 06, 2006 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

UltraVNC 1.0.1 Client Buffer Overflow

Description

Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

ultravnc

Products

Weaknesses

CWE-119

Metasploit Modules

UltraVNC 1.0.1 Client Buffer Overflow (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/vnc/ultravnc_client.rb)

References

Canonical

CVE-2006-1652 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1652)

BID-17378 (http://www.securityfocus.com/bid/17378)

Advisory

EXPLOIT-DB-1642 (https://www.exploit-db.com/exploits/1642)

XF-untr@vnc-error-bo(25648) (https://exchange.xforce.ibmcloud.com/vulnerabilities/25648)

EXPLOIT-DB-1643 (https://www.exploit-db.com/exploits/1643)

XF-ultr@vnc-vnclogreallyprint-bo(25650) (https://exchange.xforce.ibmcloud.com/vulnerabilities/25650)

SECUNIA-19513 (http://secunia.com/advisories/19513)

20060411 Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer POC (http://www.securityfocus.com/archive/1/430711/100/0/threaded)

20060405 Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server (http://www.securityfocus.com/archive/1/430287/100/0/threaded)

ADV-2006-1240 (http://www.vupen.com/english/advisories/2006/1240)

SREASON-674 (http://securityreason.com/securityalert/674)

20060404 Buffer-overflow in Ultr@VNC 1.0.1 viewer and server (http://www.securityfocus.com/archive/1/429930/100/0/threaded)

20060404 Buffer-overflow in Ultr@VNC 1.0.1 viewer and server (http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044901.html)

Rapid7

Technical Analysis