Vulnerabilities > CVE-2001-0168 - Unspecified vulnerability in ATT Winvnc

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
att
exploit available
metasploit
NVD
Published: 2001-05-03
Updated: 2024-11-20

Summary

Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.

Vulnerable Configurations

Part Description Count
Application
Att
1

Exploit-Db

descriptionWinVNC Web Server. CVE-2001-0168. Remote exploit for windows platform
idEDB-ID:16491
last seen2016-02-01
modified2009-12-06
published2009-12-06
reportermetasploit
sourcehttps://www.exploit-db.com/download/16491/
titleWinVNC Web Server <= 3.3.3r7 - GET Overflow

Metasploit

descriptionThis module exploits a buffer overflow in the AT&amp;T; WinVNC version <= v3.3.3r7 web server. When debugging mode with logging is enabled (non-default), an overly long GET request can overwrite the stack. This exploit does not work well with VNC payloads!
idMSF:EXPLOIT/WINDOWS/VNC/WINVNC_HTTP_GET
last seen2020-05-23
modified2017-11-08
published2008-06-03
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0168
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/vnc/winvnc_http_get.rb
titleWinVNC Web Server GET Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83084/winvnc_http_get.rb.txt
idPACKETSTORM:83084
last seen2016-12-05
published2009-11-26
reporterpatrick
sourcehttps://packetstormsecurity.com/files/83084/WinVNC-Web-Server-v3.3.3r7-GET-Overflow.html
titleWinVNC Web Server <= v3.3.3r7 GET Overflow

References