Microsoft Remote Desktop Client For Mac 8.0.36 Remote Code Execution

2016.12.09

Credit: filippo.cavallarin

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Advisory ID: SGMA16-004
Title: Microsoft Remote Desktop Client for Mac Remote Code Execution
Product: Microsoft Remote Desktop Client for Mac
Version: 8.0.36 and probably prior
Vendor: www.microsoft.com
Vulnerability type: Undisclosed
Risk level: 4 / 5
Credit: filippo.cavallarin@wearesegment.com
CVE: N/A
Vendor notification: 2016-07-13
Vendor fix: N/A
Public disclosure: N/A
Details
A vulnerability exists in Microsoft Remote Desktop for Mac that allows a remote attacker to execute arbitrary code on the target machine.
User interaction is needed to exploit this issue, but a single click on a link (sent via mail, iMessage, etc.) is sufficient to trigger the vulnerability.
Since Microsoft has not released a fix yet, we won't provide any further information until the bug is fixed. Only a demo video is available at https://youtu.be/6HeSiXYRpNY.
Solution
N/A
References
https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution

References:

https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Microsoft Remote Desktop Client For Mac 8.0.36 Remote Code Execution

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.