CVE-2026-3787 clarification

Post Reply
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6991
Joined: 2004-04-23 10:21
Contact:
Contact Rudi De Vos

CVE-2026-3787 clarification

Post by Rudi De Vos »

https://www.cvedetails.com/cve/CVE-2026-3787/

The prerequisites are significant:

The attacker needs to place a fake cryptbase.dll in the application directory (e.g. C:\Program Files\UltraVNC)
To be able to do that he need write access to the install directory — which on a standard Windows installation requires local Administrator or explicit ACL grants.

If an attacker have admin access.... he can replace any file winvnc.exe cmd.exe by his own version

Fix is needed for
Compliance/audit requirements — security scanners flag the missing flag regardless of exploitability,
so fixing it makes the product pass audits (STIG, CIS, etc.)

We have added some protection against this in upcoming version, this protect winvnc.exe from using a fake cryptbase.dll, after some admin dropped it in the UltraVNC folder ....

If they have admin access... they actual do what they want, not just replacing a windows dll.

https://uvnc.eu/download/1710/UltraVNC_17111-dev.zip
https://uvnc.eu/download/1710/UltraVNC_ ... _Setup.exe
https://uvnc.eu/download/1710/UltraVNC_ ... _Setup.exe
UltraVNC links (join us on social networks):
- Website: https://uvnc.com/
- Forum: https://forum.uvnc.com/
- GitHub sourcecode: https://github.com/ultravnc/UltraVNC
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
- uvnc2me: https://uvnc2me.com/
Top
Post Reply

Return to “1.7.x”