Network Security, Vulnerability Management

Two RCE, four DoS flaws found in FreeRDP


A half dozen vulnerabilities found in FreeRDP, the free version of the Remote Desktop Protocol first developed by Microsoft, could result in remote code execution or denials of service (DoS) for those using the protocol that lets users remotely connect to systems.

"The open source nature of the FreeRDP library means that it is integrated into many commercial remote desktop protocol applications," Cisco Talos researchers wrote in a blog post.

The first category, which includes two RCE vulnerabilities, CVE-2017-2834 and CVE-2017-2835, "allows code execution on the client side through a specially crafted response from a RDP server," the researchers wrote. The second category, which contains four DoS flaws (CVE-2017-2836, CVE-2017-2837, CVE-2017-2838 and CVE-2017-2839) can cause the termination of the FreeRDP client."

Talos said the vulnerabilities stem from "weaknesses" in the way network packets coming from the RDP server are handled. 

"Indeed, the size of the data needed to be parsed is sent from the server without checks on the client side," Talos added. "An attacker can compromise the server or use a man-in-the-middle attack to trigger these vulnerabilities."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.