UltraVNC

File Release Notes and Changelog

Release Name: UltraVNC - Release 1.0.4

Notes: *** Feb. 8 2008 Update *** This vncviewer.exe fixes several new vulnerabilities found in the vncviewer (around Feb. 2 2008) (VncViewer 1.0.2 and latest 1.0.4 RC have the same vulnerabilities) This new UltravNC vncviewer is compatible with both v1.0.2 and latest v1.0.4 RC versions Of course, it will be included in the next UltravNC 1.0.4 release - These BUFFER OVERFLOW vulnerabilities are only for the vncviewer They could allow a perpetrator to take the control of a machine running the vncviewer in LISTENING mode They could allow a pretending-UltraVNC-server-hostile-machine to take the control of a machine trying to connect to this hostile server using the vncviewer. The UltraVNC server does NOT have these vulnerabilities - This vulnerability could be exploited when a DSM Plugin is used ONLY if the perpetrator has the encryption key file used by the vncviewer. => It is recommended: - To upgrade your vncviewer.exe, for ALL versions. - Or to avoid to use the vncviewer in listening mode - Or to always connect on trusted UltraVNC servers - Or to always use a DSM plugin Fixed version available via the Download link on home page http://www.uvnc.com SVN source code has also been updated