"The open source nature of the FreeRDP library means that it is integrated into many commercial remote desktop protocol applications," Cisco Talos researchers wrote in a blog post.The first category, which includes two RCE vulnerabilities, CVE-2017-2834 and CVE-2017-2835, "allows code execution on the client side through a specially crafted response from a RDP server," the researchers wrote. The second category, which contains four DoS flaws (CVE-2017-2836, CVE-2017-2837, CVE-2017-2838 and CVE-2017-2839) can cause the termination of the FreeRDP client."
Talos said the vulnerabilities stem from "weaknesses" in the way network packets coming from the RDP server are handled.
"Indeed, the size of the data needed to be parsed is sent from the server without checks on the client side," Talos added. "An attacker can compromise the server or use a man-in-the-middle attack to trigger these vulnerabilities."