Connect with us

Hi, what are you looking for?



Code Execution Vulnerabilities Patched in FreeRDP

Researchers at Cisco’s Talos security intelligence and research group have discovered several potentially serious vulnerabilities in FreeRDP. The tool’s developers patched the flaws on Monday with the release of an update.

Researchers at Cisco’s Talos security intelligence and research group have discovered several potentially serious vulnerabilities in FreeRDP. The tool’s developers patched the flaws on Monday with the release of an update.

FreeRDP is an open-source implementation of Microsoft’s Remote Desktop Protocol (RDP). The software, which allows users to remotely connect to other devices, is included in several Linux distributions and is available for both Windows and Mac systems. The FreeRDP library is also used by many commercial applications.

While FreeRDP is typically used for legitimate purposes, it has also been leveraged by cybercriminals, including the notorious group known as Carbanak and Anunak.

Talos researchers discovered that FreeRDP 2.0.0-beta1 on Windows, Linux and Mac OS X is affected by six vulnerabilities that can be exploited for remote code execution and denial-of-service (DoS) attacks.

The RCE flaws, both tracked as CVE-2017-2834 and assigned a severity rating of “high,” exist due to the use of untrusted data in handling the license authentication and reception of an RDP packet from the server.

“The license message sent by the server contains a length field, which is not correctly verified by FreeRDP. For internal purposes, the library decreases this value by 4, if the server is sent a value inferior to 3, this will result in a negative value and the writing of packet contents outside of the allocated buffer in memory. This vulnerability can allow the execution of arbitrary code on the FreeRDP client side,” Talos said in its advisory.

The DoS vulnerabilities, which allow an attacker to crash the client, exist due to the way the client handles proprietary server certificates, security data, and license challenge packets.

Advertisement. Scroll to continue reading.

The security holes can be exploited by sending specially crafted packets, either via a man-in-the-middle (MitM) attack or by compromising the server.

Talos has made available technical details and developed proof-of-concept (PoC) exploits for the vulnerabilities.

The flaws were patched with the release of FreeRDP 2.0.0-rc0 on Monday. FreeRDP developers have also published an advisory pinpointing the changes made to the code.

Related: Cisco Talos Extends Vulnerability Disclosure Timeline

Related: Cisco Releases Open Source Malware Signature Generator

Related: Serious Flaws Found in Aerospike Database Server

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...