{"containers": {"cna": {"affected": [{"product": "UltraVNC", "vendor": "Kaspersky Lab", "versions": [{"status": "affected", "version": "1.2.2.3"}]}], "datePublic": "2019-03-01T00:00:00", "descriptions": [{"lang": "en", "value": "UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-788", "description": "CWE-788: Access of Memory Location After End of Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-28T12:18:29", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerability@kaspersky.com", "DATE_PUBLIC": "2019-03-01T00:00:00", "ID": "CVE-2019-8280", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "UltraVNC", "version": {"version_data": [{"version_value": "1.2.2.3"}]}}]}, "vendor_name": "Kaspersky Lab"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-788: Access of Memory Location After End of Buffer"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"}, {"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:17:30.735Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"}]}]}, "cveMetadata": {"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2019-8280", "datePublished": "2019-03-09T00:00:00Z", "dateReserved": "2019-02-12T00:00:00", "dateUpdated": "2024-09-17T01:40:44.392Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*", "matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C", "versionEndExcluding": "1.2.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204."}, {"lang": "es", "value": "UltraVNC, en su revisi\u00f3n 1203, tiene una vulnerabilidad de acceso fuera de l\u00edmites en el cliente VNC dentro del decodificador RAW, lo que podr\u00eda conducir a una ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable mediante la conectividad de red. Esta vulnerabilidad se ha solucionado en la revisi\u00f3n 1204."}], "id": "CVE-2019-8280", "lastModified": "2024-11-21T04:49:38.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-08T23:29:00.997", "references": [{"source": "vulnerability@kaspersky.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"}, {"source": "vulnerability@kaspersky.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"}, {"source": "vulnerability@kaspersky.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"}, {"source": "vulnerability@kaspersky.com", "tags": ["Third Party Advisory"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/"}, {"source": "vulnerability@kaspersky.com", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"}, {"source": "vulnerability@kaspersky.com", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-788"}], "source": "vulnerability@kaspersky.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}