Vulnerabilities > CVE-2001-0168 - Buffer Overflow vulnerability in AT&T; WinVNC Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | WinVNC Web Server. CVE-2001-0168. Remote exploit for windows platform |
| id | EDB-ID:16491 |
| last seen | 2016-02-01 |
| modified | 2009-12-06 |
| published | 2009-12-06 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/16491/ |
| title | WinVNC Web Server <= 3.3.3r7 - GET Overflow |
Metasploit
| description | This module exploits a buffer overflow in the AT&T; WinVNC version <= v3.3.3r7 web server. When debugging mode with logging is enabled (non-default), an overly long GET request can overwrite the stack. This exploit does not work well with VNC payloads! |
| id | MSF:EXPLOIT/WINDOWS/VNC/WINVNC_HTTP_GET |
| last seen | 2020-05-23 |
| modified | 2017-11-08 |
| published | 2008-06-03 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0168 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/vnc/winvnc_http_get.rb |
| title | WinVNC Web Server GET Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/83084/winvnc_http_get.rb.txt |
| id | PACKETSTORM:83084 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | patrick |
| source | https://packetstormsecurity.com/files/83084/WinVNC-Web-Server-v3.3.3r7-GET-Overflow.html |
| title | WinVNC Web Server <= v3.3.3r7 GET Overflow |