CVE-2008-5660

Vinagre 0.5.x-0.5.1 and 2.x-2.24.1 - Remote Code Execution via Format String in URI or VNC Response

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5660. PoCs published by Core Security.

AI-analyzed exploit summary The exploit demonstrates a format string vulnerability in Vinagre's `vinagre_utils_show_error()` function, which can be triggered remotely via a malicious VNC server. The PoC includes a Python script that sets up a fake VNC server to exploit the vulnerability by sending crafted format string specifiers.

Description

Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textdoswindows

https://www.exploit-db.com/exploits/7401

View Code ZIP pw:eip

The exploit demonstrates a format string vulnerability in Vinagre's `vinagre_utils_show_error()` function, which can be triggered remotely via a malicious VNC server. The PoC includes a Python script that sets up a fake VNC server to exploit the vulnerability by sending crafted format string specifiers.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Vinagre 2.24.1 and previous versions

No auth needed

Prerequisites: Network access to the target · Target must connect to the malicious VNC server

MITRE ATT&CK