[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Microsoft Remote Desktop Client for Mac Remote Code Execution

Advisory ID:	SGMA16-004
Title:	Microsoft Remote Desktop Client for Mac Remote Code Execution
Product:	Microsoft Remote Desktop Client for Mac
Version:	8.0.36 and probably prior
Vendor:	www.microsoft.com
Vulnerability type:	Undisclosed
Risk level:	4 / 5
Credit:	filippo.cavallarin@xxxxxxxxxxxxxxxx
Vendor notification:	2016-07-13
Vendor fix:	N/A
Public disclosure:	N/A

A vulnerability exists in Microsoft Remote Desktop for Mac that allows a remote attacker to execute arbitrary code on the target machine.
User interaction is needed to exploit this issue, but a single click on a link (sent via mail, iMessage, etc.) is sufficient to trigger the vulnerability.
Since Microsoft has not released a fix yet, we won't provide any further information until the bug is fixed. Only a demo video is available at https://youtu.be/6HeSiXYRpNY.



Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail