CVE-2020-0765

Published: 10 Mar 2020
Source: msrc
EPSS: Medium

Description

Remote Desktop Connection Manager Information Disclosure Vulnerability

An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.

To exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file.

FAQ

Where do I find the update for Remote Desktop Connection Manager (RDCMan)?

Microsoft is not planning on fixing this vulnerability in RDCMan and has deprecated the application. Microsoft recommends using supported Remote Desktop clients and exercising caution when opening RDCMan configuration files (.rdg).

Update 8/10/2021

RDCMan 2.82 is available through Sysinternals Remote Desktop Connection Manager - Windows Sysinternals | Microsoft Docs. This vulnerability has been addressed in this new version.
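
One way to act on the advice about opening .rdg files with caution, as an added example that is not part of the MSRC advisory or of RDCMan: a pre-open check that flags any DTD or entity declaration in a file without ever running it through an XML parser. The function names and both sample documents are constructed for illustration.

```python
import codecs
import re

# Deliberately conservative: a DTD construct anywhere in the file (even inside
# a comment) is flagged, because RDCMan settings files need no DTD at all.
_DOCTYPE = re.compile(r"<!DOCTYPE\b", re.I)
_EXT_DOCTYPE = re.compile(r"<!DOCTYPE\s+[^\s\[>]+\s+(?:SYSTEM|PUBLIC)\b", re.I)
_ENTITY = re.compile(r"<!ENTITY\s+(%\s+)?([^\s>]+)\s+(SYSTEM\b|PUBLIC\b)?", re.I)

# Constructed sample inputs (not real RDCMan files; the URI is a placeholder).
BENIGN = b'<?xml version="1.0" encoding="utf-8"?><RDCMan programVersion="2.7"><file/></RDCMan>'
SUSPECT = b'<?xml version="1.0"?><!DOCTYPE RDCMan [<!ENTITY e SYSTEM "file:///placeholder">]><RDCMan/>'

def decode_xml(raw: bytes) -> str:
    """Decode to text without parsing, so this check never resolves an entity."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16", "replace")
    if raw[1:2] == b"\x00" and raw[:1] != b"\x00":  # UTF-16LE without a BOM
        return raw.decode("utf-16-le", "replace")
    if raw[:1] == b"\x00":                          # UTF-16BE without a BOM
        return raw.decode("utf-16-be", "replace")
    return raw.decode("utf-8-sig", "replace")

def inspect_rdg(raw: bytes) -> dict:
    """Report DTD and entity declarations found in the bytes of an .rdg file."""
    text = decode_xml(raw)
    entities = [
        {"name": m.group(2), "parameter": bool(m.group(1)),
         "external": m.group(3) is not None}
        for m in _ENTITY.finditer(text)
    ]
    doctype = bool(_DOCTYPE.search(text))
    return {
        "doctype": doctype,
        "entities": entities,
        "external": any(e["external"] for e in entities)
                    or bool(_EXT_DOCTYPE.search(text)),
        "safe_to_open": not doctype and not entities,
    }

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, inspect_rdg(fh.read()))
```

Run it with one or more .rdg paths as arguments; a file reported with `safe_to_open` false should be reviewed in a text editor rather than opened in RDCMan.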

Updates

Product | Article | Update
Remote Desktop Connection Manager v2.82


Exploitability

Publicly Disclosed: No
Exploited: No
Latest Software Release: Exploitation Less Likely
Older Software Release: N/A
DOS: N/A

EPSS

Percentile: 95%
0.17372
Medium

Related vulnerabilities

CVSS3: 5.5
nvd
almost 6 years ago

An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka 'Remote Desktop Connection Manager Information Disclosure Vulnerability'.

github
more than 3 years ago

An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka 'Remote Desktop Connection Manager Information Disclosure Vulnerability'.

CVSS3: 8.7
fstec
almost 6 years ago

A vulnerability in the Remote Desktop Connection Manager (RDCMan) RDP connection manager, caused by incorrect processing of XML data, that allows an attacker to gain unauthorized access to protected information
