Sid 1-52397


SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt


This event is generated when a heap overflow exploit attempt against LibVNCServer is detected.


remote code execution

Detailed information

The rule looks for a value that could cause a heap overflow to occur when using file transfer extensions for VNC.

Affected systems

Ease of attack


False positives

None known

False negatives

None known

Corrective action

Isolate the affected system and determine if it has been compromised. Remediate it in accordance with your organization's incident response policy if it has. Afterward, identify the application utilizing a vulnerable version of LibVNCServer and apply the latest stable patch for that application.


  • Cisco Talos Intelligence Group

Additional References

  • CVE-2018-15127