I was running version 4.1.1 of the free version of VNC software and have never had any problems, until about half an hour ago. VNC activated (the icon turned black) and someone started using my computer. I was able to disconnect my internet connection before anything was done.
Unfortunately, my logging had been disabled 6 months ago without my knowledge (I've been slacking as far as computer security goes) so I was unable to obtain an IP address. I run McAfee firewall and antivirus, don't leave my computer running and don't give my password(s) out...ever. I used to be a hacker...come on now.
The password for vnc, like all of my passwords, is 15 characters long, contains upper and lower case, alpha numeric characters along with puntuation characters. It would take someone years to brute force my password.
Because of this, I believe there is a unreported vulnerability. I have since filtered the IP addresses of incoming connections, changed the password and upgraded to version 4.1.2.
IntelliAdmin.com has an article detailing the vulnerability and a tool to test for it. It appears that hackers are now using this exploit. I urge anyone using VNC to upgrade ASAP.