Bugtraq mailing list archives
Microsoft Remote Desktop Client for Mac Remote Code Execution
From: Filippo Cavallarin <filippo.cavallarin () wearesegment com>
Date: Wed, 7 Dec 2016 19:14:03 +0100
Advisory ID: SGMA16-004 Title: Microsoft Remote Desktop Client for Mac Remote Code Execution Product: Microsoft Remote Desktop Client for Mac Version: 8.0.36 and probably prior Vendor: www.microsoft.com Vulnerability type: Undisclosed Risk level: 4 / 5 Credit: filippo.cavallarin () wearesegment com CVE: N/A Vendor notification: 2016-07-13 Vendor fix: N/A Public disclosure: N/A Details A vulnerability exists in Microsoft Remote Desktop for Mac that allows a remote attacker to execute arbitrary code on the target machine. User interaction is needed to exploit this issue, but a single click on a link (sent via mail, iMessage, etc.) is sufficient to trigger the vulnerability. Since Microsoft has not released a fix yet, we won't provide any further information until the bug is fixed. Only a demo video is available at https://youtu.be/6HeSiXYRpNY. Solution N/A References https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Microsoft Remote Desktop Client for Mac Remote Code Execution Filippo Cavallarin (Dec 07)