CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
94.2%
Stack-based buffer overflow in the tsc_launch_remote function
(src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly
other versions, allows user-assisted remote attackers to execute arbitrary
code via a .RDP file with a long hostname argument.
Author | Note |
---|---|
jdstrand | should be protected by stack-protector (investigate) no patch from upstream sbversion as of 2011-02-08 (http://tsclient.svn.sourceforge.net/viewvc/tsclient/) |