Home > Vulnerability Database > CVE-2008-4770

Mend.io Vulnerability Database

CVE-2008-4770

Date: January 16, 2009

The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."

Severity Score

9.8

Related Resources (19)

Url: https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01025.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/47937

Url: http://secunia.com/advisories/33689

Url: http://www.realvnc.com/pipermail/vnc-list/2008-November/059432.html

Url: http://www.redhat.com/support/errata/RHSA-2009-0261.html

Url: http://www.vupen.com/english/advisories/2008/2868

Url: http://www.realvnc.com/products/free/4.1/release-notes.html

Url: http://secunia.com/advisories/34184

Url: http://secunia.com/advisories/32317

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/45969

Url: http://www.gentoo.org/security/en/glsa/glsa-200903-17.xml

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1

Url: http://www.securityfocus.com/bid/33263

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9367

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-4770

Url: http://www.securityfocus.com/bid/31832

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1

Url: http://www.realvnc.com/products/upgrade.html

Url: https://www.mend.io/vulnerability-database/CVE-2008-4770

Severity Score

9.8

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-4770

Date: January 16, 2009

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?