CVE-2019-8264
Summary
| CVE | CVE-2019-8264 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-08 23:29:00 UTC |
| Updated | 2021-06-28 12:15:00 UTC |
| Description | UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. |
Risk And Classification
Problem Types: CWE-125 | CWE-787
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| KLCERT-19-011: UltraVNC Access of Memory Location After End of Buffer | Kaspersky ICS CERT | MISC | ics-cert.kaspersky.com | Third Party Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | CONFIRM | cert-portal.siemens.com | |
| Siemens SIMATIC UltraVNC HMI WinCC Products | CISA | MISC | us-cert.cisa.gov | |
| Siemens SINUMERIK | CISA | MISC | www.us-cert.gov | |
| cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf | CONFIRM | cert-portal.siemens.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf | CONFIRM | cert-portal.siemens.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.