Vulnerabilities > CVE-2000-1164 - Unspecified vulnerability in ATT Winvnc 3.3.3/3.3.3R7
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
| NASL family | Windows |
| NASL id | SMB_REG_WINVNC_PERMS.NASL |
| description | The registry key HKLM\Software\ORL\WinVNC3 is writeable and/or readable by users who are not in the admin group. This key contains the VNC password of this host, as well as other configuration setup. As this program allows remote access to this computer with the privileges of the currently logged on users, you should fix this problem. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10553 |
| published | 2000-11-20 |
| reporter | This script is Copyright (C) 2000-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/10553 |
| title | Microsoft Windows SMB Registry : WinVNC's Key Permissions |