CVE-2008-4770

Name: CVE-2008-4770
Description: The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-1716-1
NVD severity: high (attack range: remote)
Debian Bugs: 513531
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| vnc4 (PTS) | squeeze | 4.1.1+X4.3.0-37 | fixed |
| | wheezy | 4.1.1+X4.3.0-37.1 | fixed |
| | jessie, sid | 4.1.1+X4.3.0-37.4 | fixed |

The information above is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| vnc4 | source | (unstable) | 4.1.1+X4.3.0-31 | medium | | 513531 |
| vnc4 | source | etch | 4.1.1+X4.3.0-21+etch1 | high | DSA-1716-1 | |
