| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <DF31A1D0-991E-4C79-84A0-C0E0EADACDC9@wearesegment.com>
Date: Wed, 7 Dec 2016 19:14:03 +0100
From: Filippo Cavallarin <filippo.cavallarin@...resegment.com>
To: bugtraq@...urityfocus.com
Subject: Microsoft Remote Desktop Client for Mac Remote Code Execution
Advisory ID: SGMA16-004
Title: Microsoft Remote Desktop Client for Mac Remote Code Execution
Product: Microsoft Remote Desktop Client for Mac
Version: 8.0.36 and probably prior
Vendor: www.microsoft.com
Vulnerability type: Undisclosed
Risk level: 4 / 5
Credit: filippo.cavallarin@...resegment.com
CVE: N/A
Vendor notification: 2016-07-13
Vendor fix: N/A
Public disclosure: N/A
Details
A vulnerability exists in Microsoft Remote Desktop for Mac that allows a remote attacker to execute arbitrary code on the target machine.
User interaction is needed to exploit this issue, but a single click on a link (sent via mail, iMessage, etc.) is sufficient to trigger the vulnerability.
Since Microsoft has not released a fix yet, we won't provide any further information until the bug is fixed. Only a demo video is available at https://youtu.be/6HeSiXYRpNY.
Solution
N/A
References
https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution
Download attachment "signature.asc" of type "application/pgp-signature" (843 bytes)
Powered by blists - more mailing lists