CVE-2011-0901

Terminal Server Client 0.150 - Stack-Based Buffer Overflow via Long RDP File Arguments

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0901. PoCs published by D3V!L FUCKER.

AI-analyzed exploit summary This exploit generates a malformed .rdp file with an oversized 'client hostname' field to trigger a denial-of-service (DoS) in Terminal Server Client (tsclient). The PoC creates a file 'T-T34M.rdp' with a buffer overflow payload.

Description

Multiple stack-based buffer overflows in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allow user-assisted remote attackers to execute arbitrary code via a .RDP file with a long (1) username, (2) password, or (3) domain argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by D3V!L FUCKER · perldoslinux

https://www.exploit-db.com/exploits/16095

View Code ZIP pw:eip

This exploit generates a malformed .rdp file with an oversized 'client hostname' field to trigger a denial-of-service (DoS) in Terminal Server Client (tsclient). The PoC creates a file 'T-T34M.rdp' with a buffer overflow payload.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Terminal Server Client (tsclient) - All Versions

No auth needed

Prerequisites: tsclient installed on the target system

MITRE ATT&CK