Name: WinVNC.Web.Server.GET.Overflow
Released Date: Jun 10 2008
Severity: critical
CVE: 2001-0168
Bugtraq: 2306

In-Depth Analysis

Description

This indicates an attempt to exploit a buffer-overflow vulnerability in the AT&T WinVNC web server.
The vulnerability is caused by an error in how the vulnerable software handles HTTP requests while debugging mode is turned on with the logging feature enabled. It allows a remote attacker to execute arbitrary code by sending a crafted web request.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Affected Products

AT&T WinVNC web server 3.3.3r7 and later versions.

Aliases

References

http://www.securityfocus.com/bid/2306
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0168

Recommended Actions

Upgrade the vulnerable software to the latest version, or disable debugging mode.