Microsoft Remote Desktop Client For Mac 8.0.36 Remote Code Execution Vulnerability

2016-12-11T00:00:00
ID 1337DAY-ID-26506
Type zdt
Reporter Filippo Cavallarin
Modified 2016-12-11T00:00:00

Description

Microsoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.

                                        
                                            Title:  Microsoft Remote Desktop Client for Mac Remote Code Execution
Product:  Microsoft Remote Desktop Client for Mac
Version:  8.0.36 and probably prior
Vendor:  www.microsoft.com
Vulnerability type:  Undisclosed
Risk level:  4 / 5
Credit:  [email protected]
CVE:  N/A
Vendor notification:  2016-07-13
Vendor fix:  N/A
Public disclosure:  N/A
Details

A vulnerability exists in Microsoft Remote Desktop for Mac that allows a remote attacker to execute arbitrary code on the target machine.
User interaction is needed to exploit this issue, but a single click on a link (sent via mail, iMessage, etc.) is sufficient to trigger the vulnerability.
Since Microsoft has not released a fix yet, we won't provide any further information until the bug is fixed. Only a demo video is available at https://youtu.be/6HeSiXYRpNY.

Solution
N/A

#  0day.today [2018-04-14]  #