CVEs

This page lists vulnerabilities I have found as part of (mostly professional) research that were assigned a CVE ID, with technical details of variable length. Some of these were awarded bounties.

CVE-2021-38666 in Windows — Remote Code Execution in the RDP client

2021-11-09
In Microsoft Remote Desktop, a malicious RDP server could remotely execute code in a client through the RDPDR extension (enabled by default).
Read more →

CVE-2021-38665 in Windows — Remote Heap Leak in the RDP client

2021-11-09
In Microsoft Remote Desktop, a malicious RDP server could remotely leak heap memory from a client through the RDPDR extension (enabled by default).
Read more →

CVE-2021-37595 in FreeRDP — Remote Arbitrary File Read

2021-07-27
In FreeRDP < 2.4.0 (Windows), a malicious RDP server can remotely read arbitrary files from a client’s system through the clipboard extension (enabled by default).
Read more →

CVE-2021-37594 in FreeRDP — Remote Memory Leak

2021-07-27
In FreeRDP < 2.4.0 (Windows), a malicious RDP server can remotely leak memory from a client’s system through the clipboard extension (enabled by default).
Read more →