Primary

Context

UltraVNC Viewer Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in UltraVNC Viewer version 1.2.4.0. This issue allows attackers to crash the application by manipulating input in the VNC Server connection dialog. Exploitation involves generating a malformed payload of 256 bytes, which can be pasted into the dialog to trigger the crash.

Impact

Exploitation of this vulnerability leads to a crash of the UltraVNC Viewer application.

Reproduction

To reproduce this vulnerability, first run a Python script that generates a 256-byte payload and saves it to a text file. Then, open UltraVNC Viewer and paste the payload from the text file into the VNC Server connection dialog. Click 'Connect' to trigger the application crash.

Added: Feb 5, 2026, 7:42 PM

Updated: Feb 5, 2026, 9:24 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

5.6

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

5.6

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

UltraVNC Viewer Denial-of-Service Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

UltraVNC Viewer

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating