The exploit leverages a vulnerability in Microsoft Remote Desktop for Mac (version 8.0.32 and prior) where a malicious RDP URL can be used to read/write files in the user's home directory. The PoC includes a Python script that creates a symbolic link to the victim's home directory and demonstrates arbitrary file operations, as well as a method for achieving remote code execution via SSH URI handler manipulation.
Classification
Working Poc 95%
Target:
Microsoft Remote Desktop for Mac (version 8.0.32 and prior)
No auth needed
Prerequisites:
Victim must click on a malicious RDP URL · Attacker must control a server to host the malicious RDP endpoint · Victim must have Microsoft Remote Desktop for Mac installed