To exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file.
An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.
Here is the bulletin:Īn information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity. In March, Microsoft announced that it was discontinuing Remote Desktop Connection Manager (RDCMan) due to a major security flaw ( CVE-2020-0765).
0 kommentar(er)
