*** Feb. 8 2008 Update ***

This vncviewer.exe fixes several new vulnerabilities found in the vncviewer
(VncViewer 1.0.2 and latest 1.0.4 RC have the same vulnerabilities)

This new UltravNC vncviewer is compatible with both v1.0.2 and latest v1.0.4 RC versions
Of course, it will be included in the next UltravNC 1.0.4 release



- These BUFFER OVERFLOW vulnerabilities are only for the vncviewer
They could allow a perpetrator to take the control of a machine running the vncviewer in LISTENING mode
They could allow a pretending-UltraVNC-server-hostile-machine to take the control of a machine trying to connect to this hostile server using the vncviewer.

The UltraVNC server does NOT have these vulnerabilities


- This vulnerability could be exploited when a DSM Plugin is used ONLY if the perpetrator has the encryption key file used by the vncviewer.


=> It is recommended:

- To upgrade your vncviewer.exe, for ALL versions.
- Or to avoid to use the vncviewer in listening mode
- Or to always connect on trusted UltraVNC servers
- Or to always use a DSM plugin

Fixed version available via the Download link on home page
http://www.uvnc.com

SVN source code has also been updated