EIP-2026-116172

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116172. PoCs published by Andres Luksenberg.

AI-analyzed exploit summary This Python script exploits a remote code execution vulnerability in RealVNC 4.1.2 by sending maliciously crafted RFB protocol messages to trigger a buffer overflow. The exploit sets up a fake VNC server on port 5900 and sends a sequence of packets, including a payload with a specific pattern designed to overwrite memory and achieve arbitrary code execution.

Description

RealVNC 4.1.2 - 'vncviewer.exe' RFB Protocol Remote Code Execution (PoC)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Andres Luksenberg · pythondoswindows

https://www.exploit-db.com/exploits/7943

View Code ZIP pw:eip

This Python script exploits a remote code execution vulnerability in RealVNC 4.1.2 by sending maliciously crafted RFB protocol messages to trigger a buffer overflow. The exploit sets up a fake VNC server on port 5900 and sends a sequence of packets, including a payload with a specific pattern designed to overwrite memory and achieve arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: RealVNC 4.1.2

No auth needed

Prerequisites: Network access to the target system · Target must be running RealVNC 4.1.2 with the vulnerable service exposed

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

RealVNC 4.1.2 - 'vncviewer.exe' RFB Protocol Remote Code Execution (PoC)

Exploitation Summary

Description

Exploits (1)

Details