VNC is a popular desktop sharing protocol, which is used by many individual users, as well as by major ICS vendors. That’s why I decided to review the most popular VNC projects like libvnc (used by VirtualBox), TightVNC, UltraVNC, and others.
So far, I have discovered more than 40 security vulnerabilities in different VNC implementations and the research is still going on. The talk will cover technical details of interesting vulnerabilities found, how malicious attackers could have exploited them, methods used during the process of discovery and how these issues could be forestalled by project developers.
During the talk I am going to demonstrate both server-side and client-side vulnerabilities within different VNC implementations, a "vulnerability plague" that was caused by developers copy-pasting vulnerable code without thinking, and a remote code execution PoC on a client machine connecting to a malicious or compromised server.