Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to att - winvnc_server

Vulnerability from fkie_nvd

Published

2002-09-24 04:00

Modified

2024-11-20 23:40

Severity ?

Summary

Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.

References

▼	URL	Tags
	cve@mitre.org	http://marc.info/?l=bugtraq&m=102994289123085&w=2
	cve@mitre.org	http://www.iss.net/security_center/static/9979.php
	cve@mitre.org	http://www.securityfocus.com/bid/5530
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=102994289123085&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/9979.php
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/5530

Impacted products

Vendor	Product	Version
att	winvnc_server	*
att	winvnc_server	3.3.3_r7
tightvnc	tightvnc	1.2.0
tightvnc	tightvnc	1.2.1
tightvnc	tightvnc	1.2.5
tridia	tridiavnc	1.5
tridia	tridiavnc	1.5.1
tridia	tridiavnc	1.5.2
tridia	tridiavnc	1.5.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:att:winvnc_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA6820A-D28A-49C6-A6D6-D54F95274FE3",
              "versionEndIncluding": "3.3.3_r9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:att:winvnc_server:3.3.3_r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FEAAE30-8DA0-4C04-B745-FECCEA0685ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2F4EE57-DA68-4438-A401-BAC82B7242D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9E11A57-016E-4720-A266-A53743629CD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tightvnc:tightvnc:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FD5B03E-D897-4A06-A3EF-62B13B46B7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tridia:tridiavnc:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1E2C09A-A649-4E4C-BC75-45F456546B72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tridia:tridiavnc:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "39675379-9A88-40AE-85A1-F0E4ADEA1A17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tridia:tridiavnc:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "40879BF2-41EB-4170-A7EC-223CB22A83ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tridia:tridiavnc:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "13622F73-D0BF-41DD-976F-4926FA5744CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the \"Add new clients\" dialogue box."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en VNC, TightVNC, y TridiaVNC permite a usuarios locales ejecutar c\u00f3digo arbitrario como LocalSystem usando el sistema de mensajes de Win32 para evitar el GUI (Interfaz Gr\u00e1fico de \u00dasuario) y acceder al cuadro de di\u00e1logo \"A\u00f1adir nuevos clientes\""
    }
  ],
  "id": "CVE-2002-0971",
  "lastModified": "2024-11-20T23:40:17.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-09-24T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=102994289123085\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/9979.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/5530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=102994289123085\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/9979.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/5530"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2002-0971

Vulnerability from cvelistv5