UltraVNC Viewer Denial-of-Service Vulnerability via Buffer Overflow

Vulnerability

A denial-of-service vulnerability has been identified in UltraVNC Viewer version 1.2.2.4. This issue allows attackers to crash the application by sending an oversized string to the VNC Server input field. The vulnerability is triggered by pasting a malicious string composed of 256 repeated characters into the VNC Server field and clicking 'Connect', which causes a buffer overflow that crashes the viewer.

Impact

Exploitation of this vulnerability leads to a buffer overflow, causing the application to crash.

Reproduction

The vulnerability can be reproduced by pasting a string of 256 repeated characters into the 'VNC Server' input field of UltraVNC Viewer 1.2.2.4 and clicking 'Connect'. This action triggers a buffer overflow that crashes the application.
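The class of bug described above comes down to copying field text into a fixed-size buffer without first checking that the text and its terminator fit. The following is an added example, not UltraVNC's code, of a bounded copy that rejects such input instead of overflowing. The function name `copy_server_field`, the status codes, the 256-byte buffer size and the accepted character set are all assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumption: a 256-byte destination, chosen to match the 256-character
   input on this page. The page does not state UltraVNC's real buffer size. */
#define HOST_BUF_LEN 256

enum host_status { HOST_OK = 0, HOST_EMPTY, HOST_TOO_LONG, HOST_BAD_CHAR };

/* Hypothetical validator for text taken from a "VNC Server" style field.
   Copies src into dst only if it fits, terminating NUL included. */
enum host_status copy_server_field(char dst[HOST_BUF_LEN], const char *src)
{
    size_t len, i;

    dst[0] = '\0';                      /* fail closed: dst is always a valid string */
    if (src == NULL || src[0] == '\0')
        return HOST_EMPTY;

    /* Bounded length scan: stops after HOST_BUF_LEN bytes of src. */
    for (len = 0; len < HOST_BUF_LEN && src[len] != '\0'; len++)
        ;
    if (len == HOST_BUF_LEN)            /* 256 chars + NUL would need 257 bytes */
        return HOST_TOO_LONG;

    /* Assumed character set: host names, IP literals, display/port suffix. */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (!(isalnum(c) || c == '.' || c == '-' || c == ':' || c == '[' || c == ']'))
            return HOST_BAD_CHAR;
    }

    memcpy(dst, src, len + 1);          /* len + 1 <= HOST_BUF_LEN is guaranteed here */
    return HOST_OK;
}

int main(void)
{
    char buf[HOST_BUF_LEN], input[HOST_BUF_LEN + 1];   /* constructed sample input */

    memset(input, 'A', HOST_BUF_LEN);   /* 256 repeated characters, as on the page */
    input[HOST_BUF_LEN] = '\0';
    printf("256 chars -> status %d\n", copy_server_field(buf, input));
    printf("host:port -> status %d (%s)\n", copy_server_field(buf, "192.0.2.10:5900"), buf);
    return 0;
}
```

A 255-character value is the longest this buffer can hold, so the 256-character input is rejected with `HOST_TOO_LONG` and the destination is left as an empty string.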

Added: Mar 22, 2026, 2:31 PM
Updated: Mar 22, 2026, 2:31 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 5.6
remediation: 7.7
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.