A vulnerability in the process_plane() function of rdesktop could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability is due to a heap-based buffer overflow condition that exists in the process_plane() function of the affected software. An attacker could exploit this vulnerability by persuading a user who is using a Remote Desktop Protocol (RDP) client on a targeted system to connect to an attacker-controlled RDP server. A successful exploit could allow the attacker to execute arbitrary code on the system.
rdesktop has confirmed the vulnerability and released software updates.
Security Impact Rating: High