The remote Windows host has an application that may allow execution of
arbitrary code.
Description :
The version of RealVNC's VNC Viewer installed on the remote Windows
host is affected by multiple issues :
- An error in the CMsgReader::readRect() function in
common/rfb/CMsgReader.cxx that comes into play when
processing encoding types may allow arbitrary code
execution on the remote system. If an attacker can trick
a user on the remote host into connecting to a malicious
server, the attacker can exploit this issue using specially
crafted messages to compromise that host.
- By tricking a user into connecting to a malicious VNC
server, it may be possible for an attacker to execute
arbitrary code on the remote system by sending malicious
RFB protocol data to the remote VNC Viewer component. Note
that VNC servers are not affected by this issue.