Microsoft Remote Desktop Client For Mac 8.0.36 Remote Code Execution

2016.12.09
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Advisory ID: SGMA16-004 Title: Microsoft Remote Desktop Client for Mac Remote Code Execution Product: Microsoft Remote Desktop Client for Mac Version: 8.0.36 and probably prior Vendor: www.microsoft.com Vulnerability type: Undisclosed Risk level: 4 / 5 Credit: filippo.cavallarin@wearesegment.com CVE: N/A Vendor notification: 2016-07-13 Vendor fix: N/A Public disclosure: N/A Details A vulnerability exists in Microsoft Remote Desktop for Mac that allows a remote attacker to execute arbitrary code on the target machine. User interaction is needed to exploit this issue, but a single click on a link (sent via mail, iMessage, etc.) is sufficient to trigger the vulnerability. Since Microsoft has not released a fix yet, we won't provide any further information until the bug is fixed. Only a demo video is available at https://youtu.be/6HeSiXYRpNY. Solution N/A References https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution

References:

https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top