Skip to content

CVE-2026-3787 clarification #338

New issue
New issue
Open
Open
CVE-2026-3787 clarification#338
Assignees
RudiDeVos
Labels
rudiRudi answer is neededvulnerabilityVulnerability (CVE) related
@RudiDeVos

Description

@RudiDeVos
RudiDeVos
opened on Mar 11, 2026

https://www.cvedetails.com/cve/CVE-2026-3787/

The prerequisites are significant:

The attacker needs to place a fake cryptbase.dll in the application directory (e.g. C:\Program Files\UltraVNC)
To be able to do that he need write access to the install directory — which on a standard Windows installation requires local Administrator or explicit ACL grants.

If an attacker have admin access.... he can replace any file winvnc.exe cmd.exe by his own version

Fix is needed for
Compliance/audit requirements — security scanners flag the missing flag regardless of exploitability,
so fixing it makes the product pass audits (STIG, CIS, etc.)

We have added some protection against this in upcoming version, this protect winvnc.exe from using a fake cryptbase.dll, after some admin dropped it in the UltraVNC folder ....

If they have admin access... they actual do what they want, not just replacing a windows dll.

https://uvnc.eu/download/1710/UltraVNC_17111-dev.zip
https://uvnc.eu/download/1710/UltraVNC_17111_x64_Setup.exe
https://uvnc.eu/download/1710/UltraVNC_17111_x86_Setup.exe

Metadata

Metadata

Assignees

Labels

rudiRudi answer is neededvulnerabilityVulnerability (CVE) related

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions