Impact
A vulnerability has been found in the DSMPlugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. Users running UltraVNC server version <=1.3.8.0 are affected by this vulnerability.
Patches
The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.1.
Workarounds
Do not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if wincnc needs to be started as a service.
References
Fixed patch: 36a31b3
Analysis: https://github.com/bowtiejicode/UltraVNC-DSMPlugin-LPE
Discoverer: Jing Qiang (qianglehh333@gmail.com)
For more information
If you have any questions or comments about this advisory:
bowtiejicode Analyst
RudiDeVos Analyst
Impact
A vulnerability has been found in the DSMPlugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. Users running UltraVNC server version <=1.3.8.0 are affected by this vulnerability.
Patches
The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.1.
Workarounds
Do not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if wincnc needs to be started as a service.
References
Fixed patch: 36a31b3
Analysis: https://github.com/bowtiejicode/UltraVNC-DSMPlugin-LPE
Discoverer: Jing Qiang (qianglehh333@gmail.com)
For more information
If you have any questions or comments about this advisory: