rdesktop process_bitmap_updates() Function Heap-Based Buffer Overflow Remote Code Execution Vulnerability

By GIXnews


A vulnerability in the process_bitmap_updates() function of rdesktop could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to an integer overflow condition that exists in the affected software that could lead to an out-of-bounds write condition in the process_bitmap_updates() function. An attacker could exploit this vulnerability by persuading a user who is using a Remote Desktop Protocol (RDP) client on a targeted system to connect to an attacker-controlled RDP server. A successful exploit could trigger memory corruption that the attacker could use to execute arbitrary code on the system.

rdesktop has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-8795

Source:: Cisco Multivendor Vulnerability Alerts