Full Report
UltraVNC before 1.2.2.4 has a stack-based buffer overflow vulnerability in the VNC client code inside the FileTransfer module, which leads to a denial-of-service (DoS) condition of the VNC client.
Analysis Summary
# Vulnerability: UltraVNC Stack-based Buffer Overflow in FileTransfer Module
## CVE Details
- CVE ID: CVE-2019-8269
- CVSS Score: 0.0 (Note: the provided CVSS v3.1 string yields a default score of 0.0. Given the DoS impact and the network attack vector, the actual score for the vector string `AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H` should be checked against a CVSS calculator.)
- CWE: Not explicitly provided, likely related to Buffer Copy without Checking Size (CWE-120).
## Affected Systems
- Products: UltraVNC (VNC client code)
- Versions: Before 1.2.2.4
- Configurations: VNC client connecting to a malicious VNC server via the FileTransfer module.
## Vulnerability Description
A stack-based buffer overflow vulnerability exists within the FileTransfer module of the UltraVNC client code. If a vulnerable client connects to a specially crafted VNC server, an attacker can trigger this overflow, which leads to a denial-of-service (DoS) condition affecting the VNC client application.
## Exploitation
- Status: PoC available (Implied by the description stating "Existence of exploit PoC")
- Complexity: Low
- Attack Vector: Network
- User Interaction: Required ("Successful exploitation requires user connection to the attacker’s server.")
## Impact
- Confidentiality: No Impact (N)
- Integrity: No Impact (N)
- Availability: High Impact (H) - Results in a Denial-of-Service (DoS) condition of the VNC client.
## Remediation
### Patches
- Update UltraVNC to version **1.2.2.4 or newer**.
### Workarounds
- No specific vendor workarounds were provided in the summary. Until the client is patched, the implied mitigation is to avoid connecting to untrusted VNC servers.
## Detection
- Indicators of compromise: Crashes or unexpected termination of the UltraVNC client application after connecting to an external VNC server.
- Detection methods and tools: Network monitoring for suspicious VNC traffic patterns leading up to client application termination. Full memory or process analysis during exploitation would require deeper forensic investigation.
## References
- Vendor advisory: Vendor released patch February 2019.
- Relevant links:
  - https://ics-cert.kaspersky.com/advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/