Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.
Threat-Mapped Scoring
Score: 1.8
Priority: P4 - Informational (Low)
S9 – Sabotage of System/App
EPSS
Score: 0.0009Percentile:
0.26684
CVSS Scoring
CVSS v2 Score: 4.6
Severity:
Affected Products
cpe:2.3:a:att:winvnc_server:*:*:*:*:*:*:*:*
cpe:2.3:a:att:winvnc_server:3.3.3_r7:*:*:*:*:*:*:*
cpe:2.3:a:tightvnc:tightvnc:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:tightvnc:tightvnc:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:tridia:tridiavnc:1.5:*:*:*:*:*:*:*
cpe:2.3:a:tridia:tridiavnc:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:tridia:tridiavnc:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:tridia:tridiavnc:1.5.4:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me