Bugtraq mailing list archives

Microsoft Remote Desktop Client for Mac Remote Code Execution


From: Filippo Cavallarin <filippo.cavallarin () wearesegment com>
Date: Wed, 7 Dec 2016 19:14:03 +0100


Advisory ID: SGMA16-004
Title: Microsoft Remote Desktop Client for Mac Remote Code Execution
Product: Microsoft Remote Desktop Client for Mac
Version: 8.0.36 and probably prior
Vendor: www.microsoft.com
Vulnerability type: Undisclosed
Risk level: 4 / 5
Credit: filippo.cavallarin () wearesegment com
CVE: N/A
Vendor notification: 2016-07-13
Vendor fix: N/A
Public disclosure: N/A

Details

A vulnerability exists in Microsoft Remote Desktop for Mac that allows a remote attacker to execute arbitrary code on the target machine.
User interaction is needed to exploit this issue, but a single click on a link (sent via mail, iMessage, etc.) is sufficient to trigger the vulnerability.
Since Microsoft has not released a fix yet, we won't provide any further information until the bug is fixed. Only a demo video is available at https://youtu.be/6HeSiXYRpNY.

Solution
N/A

References
https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

