It demands that the victim is doing some kind of user interaction. No form of authentication is needed for a successful exploitation. The identification of this vulnerability is CVE-2020-0765. The public release has been coordinated with Microsoft. The weakness was published as confirmed security update guide (Website). The summary by CVE is:Īn information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka 'Remote Desktop Connection Manager Information Disclosure Vulnerability'. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Using CWE to declare the problem leads to CWE-200. The manipulation with an unknown input leads to a information disclosure vulnerability. A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability, which was classified as problematic, has been found in Microsoft Remote Desktop Connection Manager 2.7. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks.
0 kommentar(er)
