I've just received this. If you use this then please act appropriately.

JANET-CERT believes there may be significant use in JANET of the RealVNC product (http://www.realvnc.com/) for remote management.

A defect has recently been disclosed which may result in a system with a RealVNC server being partly or completely controlled by an unauthorised and unauthenticated remote attacker:
http://secunia.com/advisories/20107/

There are exploits for this vulnerability in the wild, and we are seeing a significant amount of scanning for TCP port 5900:
http://isc.sans.org/diary.php?storyid=1336&rss

Versions of RealVNC are now available in which the problem is
corrected:
http://www.realvnc.com/upgrade.html.
It would be good practice to only allow access to the VNC service from specific addresses or address ranges, reducing the risk from this or any subsequent vulnerabilities.


If you have any questions which public Web sites do not answer, you are welcome to raise them on the UK-Security discussion list or directly with JANET-CERT <cert@cert.ja.net>.
Thank you.