Allele Security Alert
Integer overflow that leads to a heap-based buffer overflow in function gdi_Bitmap_Decompress()
FreeRDP prior to version 2.0.0-rc4
Proof of concept
FreeRDP prior to version 2.0.0-rc4 contains an integer overflow that leads to a heap-based buffer overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
Eyal Itkin (Checkpoint Research)
Reverse RDP Attack: Code Execution on RDP Clients
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 11, 2019