FreeRDP prior to version 2.0.0-rc4 contains an integer truncation that leads to a heap-based buffer overflow in the function update_read_bitmap_update(), resulting in memory corruption and probably even remote code execution.
Published Date: Thursday 29th of November 2018 01:29:00 PM
Modified Date: Friday 5th of April 2019 01:29:02 AM
Network Access Vector:
The attacker does not require local network access or local access.
Authentication is not required to access and exploit the vulnerability.
The attack can be performed manually and requires little skill or additional information gathering.
There is reduced performance or interruptions in resource availability.
Modification of some system files is possible.
There is considerable information disclosure.