CVE-2011-0900

Terminal Server Client 0.150 - Stack-based Buffer Overflow via Long Hostname in .RDP File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0900. PoCs published by D3V!L FUCKER.

AI-analyzed exploit summary This exploit generates a malformed .rdp file with an oversized 'client hostname' field to trigger a denial-of-service (DoS) in Terminal Server Client (tsclient). The PoC creates a file 'T-T34M.rdp' with a buffer overflow payload.

Description

Stack-based buffer overflow in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a .RDP file with a long hostname argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by D3V!L FUCKER · perldoslinux

https://www.exploit-db.com/exploits/16095

View Code ZIP pw:eip

This exploit generates a malformed .rdp file with an oversized 'client hostname' field to trigger a denial-of-service (DoS) in Terminal Server Client (tsclient). The PoC creates a file 'T-T34M.rdp' with a buffer overflow payload.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Terminal Server Client (tsclient) - All Versions

No auth needed

Prerequisites: tsclient installed on the target system

MITRE ATT&CK