CVE-2021-41160

MEDIUM

FreeRDP < 2.4.1 - Out-of-bounds Write via GDI or SurfaceCommands Graphics Updates

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-41160. PoCs published by Jajangjaman.

AI-analyzed exploit summary This repository provides a detailed writeup for CVE-2021-41160, a vulnerability in FreeRDP where a malicious server can trigger out-of-bounds writes in a connected client by sending invalid graphics updates. The issue was patched in FreeRDP 2.4.1.

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.

Exploits (1)

nomisec WRITEUP

by Jajangjaman · poc

https://github.com/Jajangjaman/CVE-2021-41160

View Code ZIP pw:eip

This repository provides a detailed writeup for CVE-2021-41160, a vulnerability in FreeRDP where a malicious server can trigger out-of-bounds writes in a connected client by sending invalid graphics updates. The issue was patched in FreeRDP 2.4.1.

Classification

Writeup 100%

Attack Type

Dos

Complexity

Moderate

Reliability

Theoretical

Target: FreeRDP versions prior to 2.4.1

No auth needed

Prerequisites: A malicious RDP server · A vulnerable FreeRDP client

MITRE ATT&CK