Vulnerabilities > CVE-2001-0167 - Buffer Overflow vulnerability in AT&T; WinVNC Client

CVSS 7.6 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

high complexity

att

exploit available

metasploit

NVD

Published: 2001-05-03

Updated: 2017-12-19

Summary

Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string.

Vulnerable Configurations

Part	Description	Count
Application	Att ATT Winvnc *	1

Exploit-Db

description	RealVNC 3.3.7 Client Buffer Overflow. CVE-2001-0167. Remote exploit for windows platform
id	EDB-ID:16489
last seen	2016-02-01
modified	2010-04-30
published	2010-04-30
reporter	metasploit
source	https://www.exploit-db.com/download/16489/
title	RealVNC 3.3.7 - Client Buffer Overflow

Metasploit

description	This module exploits a buffer overflow in RealVNC 3.3.7 (vncviewer.exe).
id	MSF:EXPLOIT/WINDOWS/VNC/REALVNC_CLIENT
last seen	2020-04-11
modified	2017-07-24
published	2006-12-14
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0167
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/vnc/realvnc_client.rb
title	RealVNC 3.3.7 Client Buffer Overflow

Packetstorm

data source	https://packetstormsecurity.com/files/download/83177/realvnc_client.rb.txt
id	PACKETSTORM:83177
last seen	2016-12-05
published	2009-11-26
reporter	MC
source	https://packetstormsecurity.com/files/83177/RealVNC-3.3.7-Client-Buffer-Overflow.html
title	RealVNC 3.3.7 Client Buffer Overflow

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

Packetstorm

References