Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2008-4770

Disclosure Date: January 16, 2009 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to “encoding type.”

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

realvnc

Products

References

Canonical

CVE-2008-4770 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4770)

BID-31832 (http://www.securityfocus.com/bid/31832)

BID-33263 (http://www.securityfocus.com/bid/33263)

Advisory

GLSA-200903-17 (http://www.gentoo.org/security/en/glsa/glsa-200903-17.xml)

http://www.realvnc.com/products/upgrade.html

FEDORA-2009-1001 (https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01025.html)

http://www.realvnc.com/products/free/4.1/release-notes.html

SECUNIA-33689 (http://secunia.com/advisories/33689)

SECUNIA-34184 (http://secunia.com/advisories/34184)

http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1

SUNALERT-248526 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1)

XF-realvnc-cmsgreader-code-execution(45969) (https://exchange.xforce.ibmcloud.com/vulnerabilities/45969)

SECUNIA-32317 (http://secunia.com/advisories/32317)

ADV-2008-2868 (http://www.vupen.com/english/advisories/2008/2868)

[vnc-list] 20081126 VNC Viewer Vulnerability CVE-2008-4770 (http://www.realvnc.com/pipermail/vnc-list/2008-November/059432.html)

XF-realvnc-rfb-protocol-code-execution(47937) (https://exchange.xforce.ibmcloud.com/vulnerabilities/47937)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9367

http://www.redhat.com/support/errata/RHSA-2009-0261.html

Rapid7

Technical Analysis