BugTraq
Microsoft Remote Desktop Client for Mac Remote Code Execution Dec 07 2016 06:14PM
Filippo Cavallarin (filippo cavallarin wearesegment com)

Advisory ID: SGMA16-004
Title: Microsoft Remote Desktop Client for Mac Remote Code Execution
Product: Microsoft Remote Desktop Client for Mac
Version: 8.0.36 and probably prior
Vendor: www.microsoft.com
Vulnerability type: Undisclosed
Risk level: 4 / 5
Credit: filippo.cavallarin (at) wearesegment (dot) com
CVE: N/A
Vendor notification: 2016-07-13
Vendor fix: N/A
Public disclosure: N/A
Details

A vulnerability exists in Microsoft Remote Desktop for Mac that allows a remote attacker to execute arbitrary code on the target machine.
User interaction is needed to exploit this issue, but a single click on a link (sent via mail, iMessage, etc.) is sufficient to trigger the vulnerability.
Since Microsoft has not released a fix yet, we won't provide any further information until the bug is fixed. Only a demo video is available at https://youtu.be/6HeSiXYRpNY.

Solution
N/A

References
https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution
