Security Advisory: Security flaw in RealVNC 4.1.1

Advisory: Security flaw in RealVNC 4.1.1 (5-16-06)

A security vulnerability has been recently discovered in the remote administration application Real VNC 4.1.1 in which an attacker can gain full access to a machine without supplying a valid password. It has been determined that this flaw only exists in version 4.1.1 of Real VNC, and that it has just been fixed in version 4.1.2. Exploits for this vulnerability are already in the wild. Please verify any installations of this program on your networks, and upgrade where necessary to ensure protection. For more information please see the following discussions: Please visit the Real VNC site to obtain the 4.1.2 security upgrade: http://www.realvnc.com/

This message was brought to you by the Applied Security Task Force. Contact us at: safecomputing@ucla.edu