I have put together a proof of concept application (VNC Flaw Test). If you visit this page from the server or machine running VNC, it will attempt to connect back and display a snapshot. If it says you're safe – then hey, you're safe. If not, you've got to wonder how many million people have this installed and have a wide-open security flaw.
Now it is still possible we are wrong, since every machine we have had the chance to test has been touched by our software. Try it and see if you are vulnerable – and remember you need to browse to the testing page *from* the machine running VNC, and this machine and its VNC port have to be accessible from the Internet.
