What is CVE-2001-0168?

CVE-2001-0168 is a vulnerability in N/a. Published 2001-03-09.

Is CVE-2001-0168 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2001-0168

Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.

EPSS: 0.674 (98.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

2306 (vdb-entry, x_refsource_BID)
VU#598581 (x_refsource_CERT-VN, third-party-advisory)
20010129 [CORE SDI ADVISORY] WinVNC server buffer overflow (mailing-list, x_refsource_BUGTRAQ)
winvnc-server-bo(6026) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2001-0168?: CVE-2001-0168 is a vulnerability in N/a. Published 2001-03-09.
Is CVE-2001-0168 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.