Pavel Cheremushkin kuchokera ku Kaspersky Lab makhazikitsidwe osiyanasiyana a VNC (Virtual Network Computing) njira yofikira kutali ndikuzindikira ziwopsezo za 37 zomwe zimayambitsidwa ndi zovuta mukamagwira ntchito ndi kukumbukira. Zowopsa zomwe zadziwika pakukhazikitsa seva ya VNC zitha kugwiritsidwa ntchito ndi munthu wotsimikizika, komanso kuwukira zofooka pamakhodi a kasitomala ndizotheka ngati wogwiritsa ntchito alumikizidwa ndi seva yoyendetsedwa ndi woukira.
Chiwerengero chachikulu chazovuta zomwe zapezeka mu phukusi , likupezeka pa nsanja ya Windows yokha. Zofooka zonse za 22 zadziwika mu UltraVNC. Zowopsa za 13 zitha kupangitsa kuti ma code asungidwe pamakina, 5 kukumbukira kutayikira, ndi 4 kukana ntchito.
Zowopsa zakhazikika pakutulutsidwa .
Mu laibulale yotseguka (LibVNCServer ndi LibVNCClient), yomwe mu VirtualBox, zofooka za 10 zadziwika.
5 zofooka (, , , , ) zimayambitsidwa ndi kusefukira kwa bafa ndipo zitha kupangitsa kuti ma code aperekedwe. Zofooka za 3 zitha kubweretsa kutayikira kwa chidziwitso, 2 kukana ntchito.
Mavuto onse adakonzedwa kale ndi opanga, koma zosintha zikadalipo kokha mu nthambi ya master.
Π (yoyesedwa gawo la gawo la cholowa chamtanda , popeza mtundu waposachedwa wa 2.x umatulutsidwa wa Windows okha), zofooka 4 zidapezeka. Mavuto atatu (, , ) zimayambitsidwa ndi kusefukira kwa buffer mu InitialiseRFBConnection, rfbServerCutText, ndi ntchito za HandleCoRREBBP, ndipo zitha kupangitsa kuti ma code aperekedwe. Vuto limodzi () kumabweretsa kukana ntchito. Ngakhale opanga TightVNC anali za mavuto chaka chatha, zofooka zimakhalabe zosakonzedwa.
Mu mtanda nsanja phukusi (foloko ya TightVNC 1.3 yomwe imagwiritsa ntchito laibulale ya libjpeg-turbo), chiwopsezo chimodzi chokha chidapezeka (), koma ndizowopsa ndipo, ngati muli ndi mwayi wopezeka pa seva, zimapangitsa kuti zitheke kukonzekera kuchitidwa kwa code yanu, popeza ngati buffer ikusefukira, ndizotheka kulamulira adilesi yobwerera. Vuto lathetsedwa ndipo sizikuwoneka pazotulutsa zomwe zatulutsidwa pano .
Source: opennet.ru