CVE-2017-2835

Summary

An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
FreeRDPFreeRDP2.0.0-beta1+android11 - Windows, OSX, Linuxaffected

Weaknesses

  • remote code execution

ADP Enrichment

CVE Program Container

Additional References

References