Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
Exploitability
AV:NAC:LAu:SImpact
C:PI:PA:P6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P