Full Report
UltraVNC before 1.2.2.4 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution.
Analysis Summary
# Vulnerability: UltraVNC Heap Buffer Overflow in Decoder Code
## CVE Details
- CVE ID: CVE-2019-8262
- CVSS Score: 9.6 (Based on the provided CVSS string attributes: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) - Classified as Critical severity based on metrics, though the provided text shows 0.0 score initially, the detailed string implies high severity. We will use the derived impact.
- CWE: Heap Buffer Overflow (Inferred from description)
## Affected Systems
- Products: UltraVNC
- Versions: Before 1.2.2.4
- Configurations: N/A (Affects the VNC client code)
## Vulnerability Description
Multiple heap buffer overflow vulnerabilities exist within the VNC client code, specifically inside the Ultra decoder component of UltraVNC. Successful exploitation can lead to arbitrary code execution.
## Exploitation
- Status: PoC available (Stated as "Existence of exploit PoC")
- Complexity: Low (Implied by AV:N/AC:L)
- Attack Vector: Network (AV:N)
## Impact
- Confidentiality: High
- Integrity: High
- Availability: High
## Remediation
### Patches
- Update UltraVNC to version **1.2.2.4 or newer**.
### Workarounds
- No specific workarounds were detailed in the provided context besides applying the patch.
## Detection
- Indicators of compromise: Attempts to trigger heap corruption via specially crafted VNC server responses when connecting the UltraVNC client.
- Detection methods and tools: Monitoring network traffic connecting to known malicious VNC servers, or analyzing system crash dumps related to the UltraVNC client process.
## References
- Vendor advisories: [ics-cert.kaspersky.com/advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/]