Vulnerability Description
The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realvnc | Realvnc | 4.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32317
- http://secunia.com/advisories/33689
- http://secunia.com/advisories/34184
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1 (Patch, Vendor Advisory)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1 (Vendor Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200903-17.xml
- http://www.realvnc.com/pipermail/vnc-list/2008-November/059432.html
- http://www.realvnc.com/products/free/4.1/release-notes.html
- http://www.realvnc.com/products/upgrade.html (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2009-0261.html
- http://www.securityfocus.com/bid/31832
- http://www.securityfocus.com/bid/33263
- http://www.vupen.com/english/advisories/2008/2868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45969
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47937
FAQ
What is CVE-2008-4770?
CVE-2008-4770 is a vulnerability with a CVSS score of 10.0 (HIGH). The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows rem...
How severe is CVE-2008-4770?
CVE-2008-4770 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4770?
Check the references section above for vendor advisories and patch information. Affected products include: Realvnc Realvnc.