VDB
CVE-2001-0168
CVE-2001-0168
PUBLISHED
CVSS 10 CRITICAL
Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.
EPSS 67.36% · 98.6th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
67.36%
98.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| att | winvnc | 0 |
Timeline
- Mar 9, 2001 CVE Published
- Dec 6, 2009 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 26, 2023 EPSS Score
References
- 2306 vdb
- VU#598581 third-party-advisory
- 20010129 [CORE SDI ADVISORY] WinVNC server buffer overflow mailing-list
- winvnc-server-bo(6026) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2001-0168 advisory