Vulnerability details: VCID-kmft-crm4-aaaf
Vulnerability ID VCID-kmft-crm4-aaaf
Aliases CVE-2008-4770
Summary The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2009:0261
epss 0.04911 https://api.first.org/data/v1/epss?cve=CVE-2008-4770
epss 0.0582 https://api.first.org/data/v1/epss?cve=CVE-2008-4770
epss 0.07650 https://api.first.org/data/v1/epss?cve=CVE-2008-4770
epss 0.0862 https://api.first.org/data/v1/epss?cve=CVE-2008-4770
epss 0.11766 https://api.first.org/data/v1/epss?cve=CVE-2008-4770
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=480590
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2008-4770
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4770.json
https://api.first.org/data/v1/epss?cve=CVE-2008-4770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4770
http://secunia.com/advisories/32317
http://secunia.com/advisories/33689
http://secunia.com/advisories/34184
https://exchange.xforce.ibmcloud.com/vulnerabilities/45969
https://exchange.xforce.ibmcloud.com/vulnerabilities/47937
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9367
http://sunsolve.sun.com/search/document.do?assetkey=1-21-140455-01-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248526-1
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01025.html
http://www.gentoo.org/security/en/glsa/glsa-200903-17.xml
http://www.realvnc.com/pipermail/vnc-list/2008-November/059432.html
http://www.realvnc.com/products/free/4.1/release-notes.html
http://www.realvnc.com/products/upgrade.html
http://www.redhat.com/support/errata/RHSA-2009-0261.html
http://www.securityfocus.com/bid/31832
http://www.securityfocus.com/bid/33263
http://www.vupen.com/english/advisories/2008/2868
480590 https://bugzilla.redhat.com/show_bug.cgi?id=480590
513531 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513531
cpe:2.3:a:realvnc:realvnc:4.0:*:free:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:realvnc:realvnc:4.0:*:free:*:*:*:*:*
cpe:2.3:a:realvnc:realvnc:4.1.2:*:free:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:realvnc:realvnc:4.1.2:*:free:*:*:*:*:*
cpe:2.3:a:realvnc:realvnc:4.4.2:*:enterprise:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:realvnc:realvnc:4.4.2:*:enterprise:*:*:*:*:*
cpe:2.3:a:realvnc:realvnc:e4.0:*:enterprise:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:realvnc:realvnc:e4.0:*:enterprise:*:*:*:*:*
cpe:2.3:a:realvnc:realvnc:p4.0:*:personal:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:realvnc:realvnc:p4.0:*:personal:*:*:*:*:*
cpe:2.3:a:realvnc:realvnc:p4.4.2:*:personal:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:realvnc:realvnc:p4.4.2:*:personal:*:*:*:*:*
CVE-2008-4770 https://nvd.nist.gov/vuln/detail/CVE-2008-4770
GLSA-200903-17 https://security.gentoo.org/glsa/200903-17
RHSA-2009:0261 https://access.redhat.com/errata/RHSA-2009:0261
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2008-4770
Exploit Prediction Scoring System (EPSS)
Percentile 0.92689
EPSS Score 0.04911
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.