Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by persuading a user to connect to a malicious Remote Desktop Protocol (RDP) server using a vulnerable RDP client. The malicious server could send specially crafted responses that trigger memory corruption on the client system, potentially allowing arbitrary code execution in the context of the logged-on user. Successful exploitation requires user interaction to establish the RDP connection.
<a href="https://x.com/hareh4ru">Kyeongmin Kim (@hareh4ru)</a> with <a href="https://kaist-hacking.github.io/">KAIST Hacking Lab</a>, pwn2addr, Thanatos Tian & PB18 & @2st__ with Diffract