There has been a serious integer overflow vulnerability found in the UltraVNC viewer with versions 220.127.116.11 and earlier. There is more information about this vulnerability at Core Security.
Notice that this is for the viewer only. The server is not affected by this bug.
The easiest way to upgrade the viewer is to upgrade to the latest release of VENM Console. This version uses the patched viewer and is safe.
Alternatively, you can manually update your vncviewer.exe by performing the following steps:
- Download the zipped viewer here
- Unzip the vncviewer.exe into the following places:
- “C:Program FilesBozteckVNCScan Console .Net”
Bozteck VENM Support