Advisory: Thinfinity Remote Desktop Workstation Directory Traversal

Title: Thinfinity Remote Desktop Workstation Directory Traversal Flaw
Version: Thinfinity Remote Desktop Workstation v.3.0.0.3
Vendor: Cybele Software, Inc
Release Date: 01/04/2015
Thinfinity vulnerability summary
Thinfinity Remote Desktop Workstation was found to be vulnerable to an unauthenticated directory traversal flaw.
Impact of the Thinfinity vulnerability
Exploiting this flaw allows an adversary to gain unrestricted access to system resources on the affected host, because the service runs in the context of Local System by default.
Unaffected Thinfinity Products
- Thinfinity Remote Desktop Workstation v.3.0.0.0 (32-bit and 64-bit) is not affected by this flaw.
- Thinfinity Remote Desktop Workstation v3.0.0.4 (32-bit and 64-bit) is not affected by this flaw.
Affected Thinfinity Products
Confirmed application versions affected:
- Thinfinity Remote Desktop Workstation v.3.0.0.3 (32-bit)
- Thinfinity Remote Desktop Workstation v.3.0.0.3 (64-bit)
Solution to Thinfinity Vulnerability
Upgrade to Thinfinity Remote Desktop Workstation v3.0.0.4
Thinfinity Vulnerability Time Table
29/01/2015: Perspective Risk reports vulnerability to vendor
06/03/2015: Vendor releases fixed version of the application
31/03/2015: Vendor publishes advisory
01/04/2015: Perspective Risk Advisory Published
Thinfinity Vulnerability Credits
Discovered by Matt Byrne, Principal Security Consultant @ Perspective Risk
Thinfinity References
Security Advisory: PR-20150401
CVE-ID: CVE-2015-1429
Vendor: http://cybelesoft.com/blog/index.php/cybele-software-inc-security-bulletin-2