CVE-2007-2526 - Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.d

CVE-2007-2526

Summary

Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument.

References

http://moaxb.blogspot.com/2007/05/moaxb-08-smartcode-vnc-manager-36.html
http://osvdb.org/34340
http://secunia.com/advisories/25203
http://www.exploit-db.com/exploits/3873
http://www.securityfocus.com/bid/23869
http://www.shinnai.altervista.org/moaxb/20070508/scvncctrl.txt
http://www.vupen.com/english/advisories/2007/1704
https://exchange.xforce.ibmcloud.com/vulnerabilities/34149

Vulnerable Configurations

cpe:2.3:a:smartcode:vnc_manager:3.6:*:*:*:*:*:*:*
cpe:2.3:a:smartcode:vnc_manager:3.6:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	23869
exploit-db	3873
misc	http://moaxb.blogspot.com/2007/05/moaxb-08-smartcode-vnc-manager-36.html http://www.shinnai.altervista.org/moaxb/20070508/scvncctrl.txt
osvdb	34340
secunia	25203
vupen	ADV-2007-1704
xf	smartcode-vnc-scvncctrl-bo(34149)

Last major update

11-10-2017 - 01:32

Published

08-05-2007 - 23:19

Last modified

11-10-2017 - 01:32